Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2019-18854

Good to know:

icon

Date: November 11, 2019

A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... xlink:href="#identifier">' substring.

Language: PHP

Severity Score

Related Resources (6)

https://plugins.trac.wordpress.org/changeset/2185438
https://fortiguard.com/zeroday/FG-VD-19-113
https://wordpress.org/plugins/safe-svg/#developers
https://nvd.nist.gov/vuln/detail/CVE-2019-18854
https://wpvulndb.com/vulnerabilities/9937
https://www.mend.io/vulnerability-database/CVE-2019-18854

Severity Score

Weakness Type (CWE)

Uncontrolled Recursion

CWE-674

Top Fix

icon

Upgrade Version

Upgrade to version enshrined/svg-sanitize - 0.10.0;pressgang-wp/pressgang - dev-dependabot/npm_and_yarn/mixin-deep-1.3.2;pressgang-wp/pressgang - dev-timber-v2;pressgang-wp/pressgang - no_fix;pressgang-wp/pressgang - dev-master;pressgang-wp/pressgang - dev-test;pressgang-wp/pressgang - v1.x-dev;pressgang-wp/pressgang - dev-dependabot/npm_and_yarn/bl-1.2.3;t3g/svg-sanitize-elts7 - 0.5.2;t3g/svg-sanitize-elts7 - 0.7.2;benedict-w/pressgang - no_fix;darylldoyle/safe-svg - 1.9.5;darylldoyle/safe-svg - dev-dependabot/npm_and_yarn/axios-and-wordpress/scripts-1.6.2;fatfish/importer - v1.0

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us