CVE-2023-27586

🗓️ 20 Mar 2023 16:13:15Reported by GitHub_MType

CairoSVG prior to 2.7.0 allows SSRF and DoS via crafted SVG file. Version 2.7.0 disables online access

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 38
OSV	GHSA-RWMF-W63J-P7GV CairoSVG improperly processes SVG files loaded from external resources	20 Mar 202321:27	–	osv
OSV	DSA-5382-1 cairosvg - security update	5 Apr 202300:00	–	osv
OSV	PYSEC-2023-9	20 Mar 202316:15	–	osv
OSV	MGASA-2023-0126 Updated python-cairosvg packages fix security vulnerability	6 Apr 202321:20	–	osv
OSV	CVE-2023-27586	20 Mar 202316:15	–	osv
OSV	UBUNTU-CVE-2023-27586	20 Mar 202316:15	–	osv
OSV	OPENSUSE-SU-2023:0272-1 Security update for python-CairoSVG	25 Sep 202322:02	–	osv
OSV	OPENSUSE-SU-2024:13218-1 python310-CairoSVG-2.7.1-1.1 on GA media	15 Jun 202400:00	–	osv
OSV	OPENSUSE-SU-2023:0260-1 Security update for python-CairoSVG	25 Sep 202312:02	–	osv
Prion	Server side request forgery (ssrf)	20 Mar 202316:15	–	prion

Nvd

Vulners

Node

courtbouillon cairosvgRange<2.7.0

[
  {
    "vendor": "Kozea",
    "product": "CairoSVG",
    "versions": [
      {
        "version": "< 2.7.0",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/Kozea/CairoSVG/releases/tag/2.7.0
github	www.github.com/Kozea/CairoSVG/security/advisories/GHSA-rwmf-w63j-p7gv
github	www.github.com/Kozea/CairoSVG/commit/33007d4af9195e2bfb2ff9af064c4c2d8e4b2b53
github	www.github.com/Kozea/CairoSVG/commit/12d31c653c0254fa9d9853f66b04ea46e7397255

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

20 Mar 2023 16:15Current

8.1High risk

Vulners AI Score8.1

CVSS37.1 - 9.9

EPSS0.00069

SSVC