Description

AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component resulting in denial of service and possibly remote code execution

Remediation

References

https://github.com/BigBadaboom/androidsvg/issues/122

Related Vulnerabilities

CVE-2022-25847 Vulnerability in npm package serve-lite

CVE-2020-28440 Vulnerability in npm package corenlp-js-interface

CVE-2018-1000136 Vulnerability in maven package org.webjars.npm:electron

CVE-2023-37946 Vulnerability in maven package org.openshift.jenkins:openshift-login

CVE-2017-12634 Vulnerability in maven package org.apache.camel:camel-castor

Severity

High

Classification

CWE-611 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Issue Tracking Third Party Advisory