CVE-2023-46035: svg_optimizer rubygem external XML entity (XXE) vulnerability
An issue in Fnando svg_optimizer v.0.2.6 allows a remote attacker to escalate privileges when optimizing untrusted SVG content.
References
- github.com/advisories/GHSA-6hvg-62q8-95v7
- github.com/fnando/svg_optimizer/commit/8244ff25b51a16892496e9d9f7191dba393f7af0
- github.com/fnando/svg_optimizer/commit/b1b5013db297494daba5676b9fa4423ffc5e96fa
- github.com/fnando/svg_optimizer/pull/17
- github.com/rubysec/ruby-advisory-db/blob/master/gems/svg_optimizer/CVE-2023-46035.yml
Detect and mitigate CVE-2023-46035 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →