XML external entity (XXE) vulnerability in svg_optimizer rubygem
Published: October 19, 2023
SECURITY IDENTIFIERS
- CVE: CVE-2023-46035 (NVD)
- GHSA: GHSA-6hvg-62q8-95v7
- Vendor Advisory: https://github.com/fnando/svg_optimizer/pull/17
GEM
svg_optimizer
PATCHED VERSIONS
>= 0.3.0
DESCRIPTION
An XML external entity (XXE) issue in fnando's svg_optimizer v0.2.6 allows a remote attacker to escalate privileges when the gem optimizes untrusted SVG content.
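
Added example, not part of the advisory or of svg_optimizer's own code: a stdlib-only Ruby check that reads Gemfile.lock text for a svg_optimizer version below the patched 0.3.0, plus a pre-parse guard that refuses untrusted SVG carrying a DTD. The helper names, the lockfile and the SVG samples are constructed for illustration, and the DTD guard is a generic defense-in-depth measure, not a description of the change made in 0.3.0.

```ruby
require "rubygems"

# Added example; helper names are hypothetical, samples are constructed.
PATCHED = Gem::Version.new("0.3.0") # first patched release per this advisory

# Version of svg_optimizer pinned in Gemfile.lock text, or nil if not locked.
# Resolved specs sit at 4 spaces of indent; dependency lines (6 spaces) are skipped.
def locked_svg_optimizer_version(lockfile_text)
  m = lockfile_text.match(/^ {4}svg_optimizer \(([^)\s]+)\)\s*$/)
  m && Gem::Version.new(m[1])
end

# Returns :absent, :vulnerable (below 0.3.0) or :patched.
def svg_optimizer_status(lockfile_text)
  version = locked_svg_optimizer_version(lockfile_text)
  return :absent unless version
  version >= PATCHED ? :patched : :vulnerable
end

# Pre-parse guard for untrusted uploads: true only if the bytes carry no DTD.
# UTF-16/32 input is refused because a byte scan cannot see its markup.
def dtd_free_svg?(svg_bytes)
  raw = svg_bytes.b
  return false if raw.include?("\x00".b) || raw.start_with?("\xFF\xFE".b, "\xFE\xFF".b)
  !raw.match?(/<!(DOCTYPE|ENTITY)/i)
end

# Constructed lockfile: example_uploader is a made-up gem that depends on svg_optimizer.
LOCK_VULNERABLE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      example_uploader (1.0.0)
        svg_optimizer (~> 0.2)
      svg_optimizer (0.2.6)
LOCK
LOCK_PATCHED = LOCK_VULNERABLE.sub("(0.2.6)", "(0.3.0)")

# Constructed SVG samples; the entity here is internal and harmless.
SVG_WITH_DTD = %(<?xml version="1.0"?><!DOCTYPE svg [<!ENTITY label "x">]>) +
               %(<svg xmlns="http://www.w3.org/2000/svg"><text>&label;</text></svg>)
SVG_PLAIN = %(<svg xmlns="http://www.w3.org/2000/svg"><rect width="1" height="1"/></svg>)

if $PROGRAM_NAME == __FILE__
  puts "lockfile status: #{svg_optimizer_status(LOCK_VULNERABLE)}"
  puts "plain SVG accepted: #{dtd_free_svg?(SVG_PLAIN)}"
  puts "SVG with DTD accepted: #{dtd_free_svg?(SVG_WITH_DTD)}"
end
```

Upgrading to a patched version is the fix; the guard only narrows what reaches the parser while an upgrade is pending.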
