Vulnerabilities > CVE-2023-27586 - Server-Side Request Forgery (SSRF) vulnerability in Courtbouillon Cairosvg

047910
CVSS 7.1 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
HIGH
local
low complexity
courtbouillon
CWE-918
NVD
Published: 2023-03-20
Updated: 2023-03-23

Summary

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service. Version 2.7.0 disables CairoSVG's ability to access other files online by default.

Vulnerable Configurations

Part Description Count
Application
Courtbouillon
60

Common Weakness Enumeration (CWE)

References