Vulnerabilities > CVE-2020-10799 - XXE vulnerability in Svglib Project Svglib

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

NVD

Published: 2020-03-20

Updated: 2020-03-24

Summary

The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call.

Part	Description	Count
Application	Svglib_Project Svglib Project Svglib 0.6.3 Svglib Project Svglib 0.8.0 Svglib Project Svglib 0.8.1 Svglib Project Svglib 0.9.0 Svglib Project Svglib 0.9.1 Svglib Project Svglib 0.9.2 Svglib Project Svglib 0.9.3	8