Description
AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component resulting in denial of service and possibly remote code execution
Remediation
References
https://github.com/BigBadaboom/androidsvg/issues/122
Related Vulnerabilities
CVE-2020-6428 Vulnerability in npm package electron
CVE-2023-25761 Vulnerability in maven package org.jenkins-ci.plugins:junit
CVE-2020-8203 Vulnerability in maven package org.webjars:lodash
CVE-2019-5483 Vulnerability in npm package seneca
CVE-2019-10747 Vulnerability in maven package org.webjars.npm:set-value