When URL parsers disagree (CVE-2023-38633, librsvg)

www.canva.dev

cross-posted to:
[email protected]
[email protected]
netsec

When URL parsers disagree (CVE-2023-38633, librsvg)

www.canva.dev

@[email protected]MB to Hacker [email protected] • 1 year ago

cross-posted to:
[email protected]
[email protected]
netsec

When URL parsers disagree (CVE-2023-38633) - Canva Engineering Blog

www.canva.dev

Discovery and walkthrough of CVE-2023-38633 in librsvg, when two URL parser implementations (Rust and Glib) disagree on file scheme parsing leading to path traversal.

HN Discussion

You must log in or register to comment.

Chat