Description
AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component resulting in denial of service and possibly remote code execution
Remediation
References
https://github.com/BigBadaboom/androidsvg/issues/122
Related Vulnerabilities
CVE-2022-23541 Vulnerability in maven package org.webjars.npm:jsonwebtoken
CVE-2021-23359 Vulnerability in npm package port-killer
CVE-2017-2603 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2020-7680 Vulnerability in maven package org.webjars.npm:docsify
CVE-2022-42468 Vulnerability in maven package org.apache.flume.flume-ng-sources:flume-jms-source