ID CVE-2017-5617
Summary The SVG Salamander (aka svgSalamander) library, when used in a web application, allows remote attackers to conduct server-side request forgery (SSRF) attacks via an xlink:href attribute in an SVG file.
References
Vulnerable Configurations
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:kitfox:svg_salamander:-:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 08-07-2020 - 14:38)
Impact:
Exploitability:
CWE CWE-918
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:N
refmap via4
bid 95871
confirm https://github.com/blackears/svgSalamander/issues/11
debian DSA-3781
fedora
  • FEDORA-2019-3cbce64a64
  • FEDORA-2019-735d3953e8
gentoo GLSA-202003-11
mlist
  • [oss-security] 20170127 SSRF issue in the svgsalamander library
  • [oss-security] 20170129 Re: SSRF issue in the svgsalamander library
Last major update 08-07-2020 - 14:38
Published 16-03-2017 - 15:59
Last modified 08-07-2020 - 14:38