Home > Vulnerability Database > CVE-2023-38633

Mend.io Vulnerability Database

CVE-2023-38633

Date: July 21, 2023

A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.

Language: RUST

Severity Score

5.5

Related Resources (18)

Url: http://seclists.org/fulldisclosure/2023/Jul/43

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/422NTIHIEBRASIG2DWXYBH4ADYMHY626/

Url: https://access.redhat.com/security/cve/CVE-2023-38633

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-38633

Url: https://www.debian.org/security/2023/dsa-5484

Url: https://gitlab.gnome.org/GNOME/librsvg/-/releases/2.56.3

Url: https://security.netapp.com/advisory/ntap-20230831-0011/

Url: https://gitlab.gnome.org/GNOME/librsvg/-/issues/996

Url: https://bugzilla.suse.com/show_bug.cgi?id=1213502

Url: https://news.ycombinator.com/item?id=37415799

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R5BCXT5GW6RCL45ZUHUZR4CJG2BAFDVC/

Url: https://www.canva.dev/blog/engineering/when-url-parsers-disagree-cve-2023-38633/

Url: http://www.openwall.com/lists/oss-security/2023/07/27/1

Url: http://www.openwall.com/lists/oss-security/2023/09/06/10

Url: https://security-tracker.debian.org/tracker/CVE-2023-38633

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5BCXT5GW6RCL45ZUHUZR4CJG2BAFDVC/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/422NTIHIEBRASIG2DWXYBH4ADYMHY626/

Url: https://www.mend.io/vulnerability-database/CVE-2023-38633

Severity Score

5.5

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-38633

Date: July 21, 2023

Language: RUST

Severity Score

Related Resources (18)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?