{"vulnerability": "CVE-2023-38633", "sightings": [{"uuid": "e680ad01-29f9-430a-889c-bd080a1f7023", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38633", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/185", "content": "When URL parsers disagree (CVE-2023-38633)\n\n\ud83d\udc64 by Zac Sims\n\nCanva's uses librsvg to quickly render user-provided SVGs into thumbnails later displayed as PNGs. By exploiting differences in URL parsers when rendering an SVG with librsvg, they showed it's possible to include arbitrary files from disk in the resulting image. The librsvg maintainers quickly patched the issue and issued a security vulnerability (CVE-2023-38633).\n\n\ud83d\udcdd Contents:\n\u25cf Prequel\n\u25cf XInclude\n\u25cf There are rules\n\u25cf Parser Mismatch\n\u25cf Bypassing Validation\n\u25cf Bypassing Canonicalization\n\u25cf Proof of concept\n\u25cf Patch\n\u25cf Timeline\n\nhttps://www.canva.dev/blog/engineering/when-url-parsers-disagree-cve-2023-38633/\n\nIf the link above doesn't work use a web archive version.", "creation_timestamp": "2023-09-05T08:41:50.000000Z"}, {"uuid": "21be3d59-9bb5-4939-9f9f-3c4b478308d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38633", "type": "published-proof-of-concept", "source": "https://t.me/ap_security/33", "content": "\u26a1\ufe0f\u041e\u0431\u0445\u043e\u0434 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0430 \u043f\u0440\u0438 \u0440\u0430\u0441\u0445\u043e\u0436\u0434\u0435\u043d\u0438\u0438 \u0432 URL-\u043f\u0430\u0440\u0441\u0435\u0440\u0435 \u0441\u0445\u0435\u043c\u044b \u0444\u0430\u0439\u043b\u0430. CVE-2023-38633\n\n\u041d\u043e\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0432\u044b\u0440\u0430\u0436\u0435\u043d\u043d\u0430\u044f  \u0432 \u043e\u0431\u0445\u043e\u0434\u0435 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0430 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 SVG\ud83e\udd16\n\n\ud83d\udce3\u0421\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 \u0441\u0442\u0430\u0442\u044c\u044e: https://habr.com/ru/companies/ruvds/articles/760766/\n\n#cve #web #pentest", "creation_timestamp": "2023-09-24T18:59:31.000000Z"}, {"uuid": "51d8a6f9-3dde-4532-b64f-bf2e13d9bae7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38633", "type": "published-proof-of-concept", "source": "https://t.me/kasraone_com/533", "content": "\ud83d\udd34 CVE\n\n     CVE-2023-38633\n\n\n\u0648\u0628\u0644\u0627\u06af : Canva \n  \n    URL : \n\nhttps://www.canva.dev/blog/engineering/when-url-parsers-disagree-cve-2023-38633/\n\n #bug_bounty #Hunters", "creation_timestamp": "2023-10-05T19:42:45.000000Z"}, {"uuid": "cd3acb2c-517f-4697-b3ba-0375a1901c9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38633", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/67117", "content": "\u203c CVE-2023-38633 \u203c\n\nA directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=\".?../../../../../../../../../../etc/passwd\" in an xi:include element.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-22T20:24:33.000000Z"}, {"uuid": "94a032a2-ed2e-4898-b2f9-405f8f4e4f41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38633", "type": "published-proof-of-concept", "source": "https://t.me/ap_security/109", "content": "\u26a1\ufe0f\u041e\u0431\u0445\u043e\u0434 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0430 \u043f\u0440\u0438 \u0440\u0430\u0441\u0445\u043e\u0436\u0434\u0435\u043d\u0438\u0438 \u0432 URL-\u043f\u0430\u0440\u0441\u0435\u0440\u0435 \u0441\u0445\u0435\u043c\u044b \u0444\u0430\u0439\u043b\u0430. CVE-2023-38633\n\n\u041d\u043e\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0432\u044b\u0440\u0430\u0436\u0435\u043d\u043d\u0430\u044f  \u0432 \u043e\u0431\u0445\u043e\u0434\u0435 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0430 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 SVG\ud83e\udd16\n\n\ud83d\udce3\u0421\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 \u0441\u0442\u0430\u0442\u044c\u044e: https://habr.com/ru/companies/ruvds/articles/760766/\n\n#cve #web #pentest", "creation_timestamp": "2023-09-24T18:59:31.000000Z"}, {"uuid": "0ac17315-1744-4fea-b35d-247f11bff5f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38633", "type": "published-proof-of-concept", "source": "https://t.me/arpsyndicate/1625", "content": "#ExploitObserverAlert\n\nCVE-2023-38633\n\nDESCRIPTION: Exploit Observer has 8 entries related to CVE-2023-38633. A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=\".?../../../../../../../../../../etc/passwd\" in an xi:include element.\n\nFIRST-EPSS: 0.002740000\nNVD-IS: 3.6\nNVD-ES: 1.8", "creation_timestamp": "2023-12-10T13:12:26.000000Z"}, {"uuid": "247e4f36-2e6e-4926-86b1-dd35ec08fc12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38633", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/1032", "content": "CVE-2023-38633 : librsvg &lt; 2.56.3 - \u0641\u0627\u06cc\u0644 \u062f\u0644\u062e\u0648\u0627\u0647 \u062f\u0631 \u0632\u0645\u0627\u0646\u06cc \u06a9\u0647 xinclude href \u062f\u0627\u0631\u0627\u06cc \u06a9\u0627\u0631\u0627\u06a9\u062a\u0631\u0647\u0627\u06cc \u062e\u0627\u0635 \u0627\u0633\u062a \u062e\u0648\u0627\u0646\u062f\u0647 \u0645\u06cc \u0634\u0648\u062f\n\u0644\u06cc\u0646\u06a9 : https://gitlab.gnome.org/GNOME/librsvg/-/issues/996\n\nCVE-2023-38633 :  librsvg &lt; 2.56.3 -  Arbitrary file read when xinclude href has special characters\nLink : https://gitlab.gnome.org/GNOME/librsvg/-/issues/996", "creation_timestamp": "2024-04-28T10:37:15.000000Z"}, {"uuid": "366be3d0-5c54-4489-ad80-c5ed8adc60c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38633", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/853", "content": "CVE-2023-38633 : librsvg &lt; 2.56.3 'URL-Decoder ' - Arbitrary File Read\nPOC : https://gitlab.gnome.org/GNOME/librsvg/-/issues/996", "creation_timestamp": "2023-08-22T14:35:00.000000Z"}, {"uuid": "978c4d49-936e-41ad-9559-f0a9ccf46ba8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38633", "type": "seen", "source": "https://t.me/thebugbountyhunter/7742", "content": "When URL parsers disagree (CVE-2023-38633) - Canva Engineering Blog\n\nhttps://www.canva.dev/blog/engineering/when-url-parsers-disagree-cve-2023-38633/", "creation_timestamp": "2023-09-05T21:15:16.000000Z"}]}