Description
If the library is being used in a web application for processing user supplied SVG files then the app is vulnerable to SSRF.
The attacker can send a specially crafted svg file, for example
<svg width="5cm" height="4cm" version="1.1"
xmlns="http://www.w3.org/2000/svg" xmlns:xlink= "http://www.w3.org/1999/xlink">
<image xlink:href="https://host-in-the-trusted-network.com/test.jpg" x="0" y="0" height="50px" width="50px"/>
</svg>
and the lib will send the request inside the trusted network to the host-in-the-trusted-network.com (bypassing the firewall). In general, the attacker can use any scheme supported by default (such as file://, jar:// etc) or use application specific scheme.
How to fix - any schemes apart from data in the xlink:href attribute should be disallowed by default at https://github.com/blackears/svgSalamander/blob/master/svg-core/src/main/java/com/kitfox/svg/ImageSVG.java#L120
Additional information:
https://cwe.mitre.org/data/definitions/918.html
http://www.slideshare.net/d0znpp/ssrf-attacks-and-sockets-smorgasbord-of-vulnerabilities