Description
AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component resulting in denial of service and possibly remote code execution
Remediation
References
https://github.com/BigBadaboom/androidsvg/issues/122
Related Vulnerabilities
CVE-2022-39387 Vulnerability in maven package org.xwiki.contrib.oidc:oidc-authenticator
CVE-2018-16487 Vulnerability in maven package org.webjars.npm:lodash
CVE-2021-46089 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-base-core
CVE-2020-7672 Vulnerability in npm package mosc
CVE-2019-14653 Vulnerability in maven package org.webjars.npm:editor.md