4 matches found
XML External Entity (XXE)
svgoptimizer is vulnerable to XML external entity XXE . The vulnerability exists due to allowing XXE by default in svgoptimizer.rb which could allow an attacker to escalate privileges...
XML External Entity (XXE) Injection
Overview svgoptimizer is a SVG optimization based on Node's SVGO Affected versions of this package are vulnerable to XML External Entity XXE Injection when optimizing untrusted SVG content. An attacker can escalate privileges by exploiting the external XML entity XXE vulnerability. This is only...
svg_optimizer rubygem external XML entity (XXE) vulnerability
An issue in Fnando svgoptimizer v.0.2.6 allows a remote attacker to escalate privileges when optimizing untrusted SVG content...
External XML entity (XXE) vulnerability in svg_optimizer rubygem
An issue in Fnando svgoptimizer v.0.2.6 allows a remote attacker to escalate privileges when optimizing untrusted SVG content...