php-svg-lib prior to 0.5.1 merging attributes on <use> tag to <image> tag leads to PHAR Deserialization vulnerabilit
Reporter | Title | Published | Views | Family All 11 |
---|---|---|---|---|
Veracode | Insecure Deserialization/Unsafe Attributes Merge | 13 Dec 202306:48 | – | veracode |
Cvelist | CVE-2023-50252 php-svg-lib unsafe attributes merge when parsing `use` tag | 12 Dec 202320:39 | – | cvelist |
OSV | CVE-2023-50252 | 12 Dec 202321:15 | – | osv |
OSV | php-dompdf-svg-lib - security update | 20 Mar 202400:00 | – | osv |
NVD | CVE-2023-50252 | 12 Dec 202321:15 | – | nvd |
UbuntuCve | CVE-2023-50252 | 12 Dec 202300:00 | – | ubuntucve |
Debian CVE | CVE-2023-50252 | 12 Dec 202321:15 | – | debiancve |
Prion | Deserialization of untrusted data | 12 Dec 202321:15 | – | prion |
Tenable Nessus | Debian dsa-5642 : php-dompdf-svg-lib - security update | 20 Mar 202400:00 | – | nessus |
OpenVAS | Debian: Security Advisory (DSA-5642-1) | 21 Mar 202400:00 | – | openvas |
[
{
"vendor": "dompdf",
"product": "php-svg-lib",
"versions": [
{
"version": "< 0.5.1",
"status": "affected"
}
]
}
]
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo