19 matches found
openSUSE: Security Advisory for python (openSUSE-SU-2023:0260-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for python (openSUSE-SU-2023:0272-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE 15 Security Update : python-CairoSVG (openSUSE-SU-2023:0272-1)
The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0272-1 advisory. - CairoSVG is a Python pypi package. CairoSVG is an SVG converter based on Cairo. In CairoSVG before version 2.5.1, there is a regular expression...
openSUSE 15 Security Update : python-CairoSVG (openSUSE-SU-2023:0260-1)
The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0260-1 advisory. - CairoSVG is a Python pypi package. CairoSVG is an SVG converter based on Cairo. In CairoSVG before version 2.5.1, there is a regular expression...
Security update for python-CairoSVG (moderate)
openSUSE Security Update: Security update for python-CairoSVG Announcement ID: openSUSE-SU-2023:0272-1 Rating: moderate References: 1180648 1209538 Cross-References: CVE-2021-21236 CVE-2023-27586 CVSS scores: CVE-2021-21236 NVD : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2023-27586 NVD...
OPENSUSE-SU-2023:0272-1 Security update for python-CairoSVG
This update for python-CairoSVG fixes the following issues: - CVE-2023-27586: Don't allow fetching external files unless explicitly asked for. boo1209538 - Update to version 2.5.2 Fix marker path scale - Update to version 2.5.1 boo1180648, CVE-2021-21236: Security fix: When processing SVG files,...
OPENSUSE-SU-2023:0260-1 Security update for python-CairoSVG
This update for python-CairoSVG fixes the following issues: - CVE-2023-27586: Don't allow fetching external files unless explicitly asked for. boo1209538 - Update to version 2.5.2 Fix marker path scale - Update to version 2.5.1 boo1180648, CVE-2021-21236: Security fix: When processing SVG files,...
Security update for python-CairoSVG (moderate)
openSUSE Security Update: Security update for python-CairoSVG Announcement ID: openSUSE-SU-2023:0260-1 Rating: moderate References: 1180648 1209538 Cross-References: CVE-2021-21236 CVE-2023-27586 CVSS scores: CVE-2021-21236 NVD : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2023-27586 NVD...
Mageia: Security Advisory (MGASA-2023-0126)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated python-cairosvg packages fix security vulnerability
CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service...
Debian DSA-5382-1 : cairosvg - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5382 advisory. It was reported that cairosvg, a SVG converter based on Cairo, can send requests to external hosts when processing specially crafted SVG files with external file resource...
Fedora 38 : python-cairosvg (2023-e4a4ea43d8)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-e4a4ea43d8 advisory. - Update python-cairosvg version 2.7.0 - Disable isort flake8 patch updated - Fix CVE-2023-27586 - BZ2180272 BZ2180271 Tenable has extracted the preceding...
Fedora 36 : python-cairosvg (2023-064525b17b)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-064525b17b advisory. - Update python-cairosvg version 2.7.0 - Disable isort flake8 patch updated - Fix CVE-2023-27586 - BZ2180272 BZ2180271 Tenable has extracted the preceding...
Fedora 37 : python-cairosvg (2023-ab86bdbce6)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-ab86bdbce6 advisory. - Update python-cairosvg version 2.7.0 - Disable isort flake8 patch updated - Fix CVE-2023-27586 - BZ2180272 BZ2180271 Tenable has extracted the preceding...
buildbot-badges (>=1.7.0 <=1.8.2), cico (>=0.1.0 <=0.1.8) +18 more potentially affected by CVE-2023-27586 via cairosvg (>=0.5.0 <=2.6.0)
cairosvg PYPI version =0.5.0, =1.7.0, =0.1.0, =1.0.0b1, =0.0.2, =0.1.0, =0.1.0, =2.11.0, =4.3.0, =0.0.1, =9.0.5, =1.0.0, =0.1.0, =0.2.7 and more Source cves: CVE-2023-27586 Source advisory: OSV:PYSEC-2023-9...
CVE-2023-27586 CairoSVG improperly processes SVG files loaded from external resources
CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service...
CVE-2023-27586
CVE-2023-27586 affects CairoSVG prior to 2.7.0, where Cairo could make requests to external hosts while processing SVGs. The underlying issue is external resource loading, enabling server-side request forgery (SSRF) and potential denial of service. The connected advisories confirm that version 2....
CVE-2023-27586 CairoSVG improperly processes SVG files loaded from external resources
CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service...
CVE-2023-27586
creationtimestamp| type| source ---|---|--- 2023-03-20 14:35:42+00:00| published-proof-of-concept| https://github.com/Kozea/CairoSVG/security/advisories/GHSA-rwmf-w63j-p7gv 2023-03-20 21:04:15+00:00| seen| https://t.me/cibsecurity/60328...