2023-07-22 18:00:30 +00:00
{
"id" : "CVE-2023-38633" ,
"sourceIdentifier" : "cve@mitre.org" ,
"published" : "2023-07-22T17:15:09.810" ,
2023-08-01 18:00:36 +00:00
"lastModified" : "2023-08-01T16:09:50.957" ,
"vulnStatus" : "Analyzed" ,
2023-07-22 18:00:30 +00:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=\".?../../../../../../../../../../etc/passwd\" in an xi:include element."
}
] ,
2023-08-01 18:00:36 +00:00
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "NONE" ,
"availabilityImpact" : "NONE" ,
"baseScore" : 7.5 ,
"baseSeverity" : "HIGH"
} ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 3.6
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-22"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:gnome:librsvg:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "2.46.6" ,
"matchCriteriaId" : "D368A369-F4C5-459F-AE8B-F8A6BD5C830D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:gnome:librsvg:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "2.48.0" ,
"versionEndExcluding" : "2.48.11" ,
"matchCriteriaId" : "EB43F56A-0F8D-42C5-8DC1-0EE957AE9D8E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:gnome:librsvg:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "2.50.0" ,
"versionEndExcluding" : "2.50.8" ,
"matchCriteriaId" : "DC1D8EC3-E163-4AED-ACC3-74B2520CD21D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:gnome:librsvg:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "2.52.0" ,
"versionEndExcluding" : "2.52.10" ,
"matchCriteriaId" : "4262E2FD-02C5-47A0-A318-F3A080A3719B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:gnome:librsvg:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "2.54.0" ,
"versionEndExcluding" : "2.54.6" ,
"matchCriteriaId" : "9A353765-59DE-4581-B063-B5C127261F6E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:gnome:librsvg:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "2.55.0" ,
"versionEndExcluding" : "2.55.3" ,
"matchCriteriaId" : "8EE4893F-C118-48E2-B884-D560423D17F2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:gnome:librsvg:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "2.56.0" ,
"versionEndExcluding" : "2.56.3" ,
"matchCriteriaId" : "4B6589AD-7D57-46CB-BF8D-FF1D5BFB2D9D"
}
]
}
]
}
] ,
2023-07-22 18:00:30 +00:00
"references" : [
2023-07-28 10:00:30 +00:00
{
"url" : "http://seclists.org/fulldisclosure/2023/Jul/43" ,
2023-08-01 18:00:36 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Mailing List" ,
"Not Applicable" ,
"Third Party Advisory"
]
2023-07-28 10:00:30 +00:00
} ,
2023-07-28 02:00:30 +00:00
{
"url" : "http://www.openwall.com/lists/oss-security/2023/07/27/1" ,
2023-08-01 18:00:36 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Exploit" ,
"Mailing List" ,
"Third Party Advisory"
]
2023-07-28 02:00:30 +00:00
} ,
2023-07-22 18:00:30 +00:00
{
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1213502" ,
2023-08-01 18:00:36 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Issue Tracking" ,
"Patch" ,
"Third Party Advisory"
]
2023-07-22 18:00:30 +00:00
} ,
{
"url" : "https://gitlab.gnome.org/GNOME/librsvg/-/issues/996" ,
2023-08-01 18:00:36 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Exploit" ,
"Issue Tracking" ,
"Vendor Advisory"
]
2023-07-22 18:00:30 +00:00
} ,
{
"url" : "https://gitlab.gnome.org/GNOME/librsvg/-/releases/2.56.3" ,
2023-08-01 18:00:36 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Release Notes"
]
2023-07-22 18:00:30 +00:00
}
]
}
