Description

AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component resulting in denial of service and possibly remote code execution

Remediation

References

https://github.com/BigBadaboom/androidsvg/issues/122

Related Vulnerabilities

CVE-2019-10782 Vulnerability in maven package com.puppycrawl.tools:checkstyle

CVE-2019-0205 Vulnerability in maven package org.webjars.bower:thrift

CVE-2019-1003032 Vulnerability in maven package org.jenkins-ci.plugins:email-ext

CVE-2017-18239 Vulnerability in maven package com.jason-goodwin:authentikat-jwt_2.10

CVE-2019-15482 Vulnerability in npm package selectize-plugin-a11y

Severity

High

Classification

CWE-611 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Issue Tracking Third Party Advisory