CVE-2023-38633
published 2023-07-22


Priority: P4 (29)
Severity: medium, CVSS 3.1 base score 5.5
Vector: AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N
EPSS: 2.13% (79.7th percentile)
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.

Affected

16 ranges (rows are listed as given on the source page; some carry no version data)

Vendor          Product        Version range                          Fixed in
debian          debian_linux   (not given)                            (not given)
debian          debian_linux   (not given)                            (not given)
debian          librsvg        < 2.54.7+dfsg-1~deb12u1 (bookworm)     2.54.7+dfsg-1~deb12u1 (bookworm)
fedoraproject   fedora         (not given)                            (not given)
fedoraproject   fedora         (not given)                            (not given)
gnome           librsvg        >= 0, < 2.50.3+dfsg-1+deb11u1          2.50.3+dfsg-1+deb11u1
gnome           librsvg        >= 0, < 2.54.7+dfsg-1~deb12u1          2.54.7+dfsg-1~deb12u1
gnome           librsvg        >= 0, < 2.54.7+dfsg-1                  2.54.7+dfsg-1
gnome           librsvg        >= 0, < 2.54.7+dfsg-1                  2.54.7+dfsg-1
gnome           librsvg        >= 2.42.3, < 2.46.6                    2.46.6
gnome           librsvg        >= 2.48.0, < 2.48.11                   2.48.11
gnome           librsvg        >= 2.50.0, < 2.50.8                    2.50.8
gnome           librsvg        >= 2.52.0, < 2.52.10                   2.52.10
gnome           librsvg        >= 2.54.0, < 2.54.6                    2.54.6
gnome           librsvg        >= 2.55.0, < 2.55.3                    2.55.3
gnome           librsvg        >= 2.56.0, < 2.56.3                    2.56.3

Note that "before 2.56.3" in the description is the upstream development threshold only: the gnome rows show the fix backported to every stable branch from 2.46 through 2.56, and the Debian rows show it shipped as patched 2.50.3 (bullseye) and 2.54.7 (bookworm) packages. When triaging, compare against the fixed version for the branch or distribution package actually installed, not against 2.56.3.

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             3.1       5.5     MEDIUM     CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
osv                       5.5     MEDIUM
vendor_debian             5.5     MEDIUM
vendor_redhat             5.5     MEDIUM