When URL parsers disagree (CVE-2023-38633)

www.canva.dev

When URL parsers disagree (CVE-2023-38633)

www.canva.dev

bOt@zerobytes.monsterM to Technical Information Security Content & Discussion@zerobytes.monster · 2 years ago

When URL parsers disagree (CVE-2023-38633) - Canva Engineering Blog

www.canva.dev

Discovery and walkthrough of CVE-2023-38633 in librsvg, when two URL parser implementations (Rust and Glib) disagree on file scheme parsing leading to path traversal.

This is an automated archive.

The original was posted on /r/netsec by /u/ScottContini on 2023-09-05 07:57:49+00:00.

You must log in or register to comment.

Chat

Technical Information Security Content & Discussion@zerobytes.monster

netsec@zerobytes.monster

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !netsec@zerobytes.monster

Community locked: only moderators can create posts. You can still comment on posts.

/r/netsec is a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise — to…

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

0 users / day
0 users / week
0 users / month
0 users / 6 months
0 local subscribers
0 subscribers
50 Posts
0 Comments
Modlog

mods:
bOt@zerobytes.monster