CVE-2023-38633

Summary

CVE-2023-38633 is a directory traversal vulnerability affecting the URL decoder in librsvg before version 2.56.3. Attackers, whether local or remote, can exploit this issue by inserting specially crafted URLs, such as "href=".?../../../../../../../../../../etc/passwd" in an xi:include element, to disclose files outside of the intended area on the local filesystem. This vulnerability poses a significant risk, as it allows unauthorized access to sensitive information. Users are advised to upgrade to the latest version of librsvg to mitigate this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.