You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
XML External Entity (XXE) Injection
Vulnerable module: com.caverock:androidsvg
Introduced through: com.caverock:androidsvg@1.2.1
Exploit maturity: No known exploit
Fixed in: 1.3.0
Detailed paths and remediation
Introduced through: project@0.0.0 › com.caverock:androidsvg@1.2.1
Reproduction
Solution
Remediation: Upgrade to com.caverock:androidsvg@1.3
Additional Information
Fresco version: latest
Platform version: android
Overview
com.caverock.androidsvg is a SVG parser and renderer for Android.
Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the SVG parsing component
The text was updated successfully, but these errors were encountered:
Description
XML External Entity (XXE) Injection
Vulnerable module: com.caverock:androidsvg
Introduced through: com.caverock:androidsvg@1.2.1
Exploit maturity: No known exploit
Fixed in: 1.3.0
Detailed paths and remediation
Introduced through: project@0.0.0 › com.caverock:androidsvg@1.2.1
Reproduction
Solution
Remediation: Upgrade to com.caverock:androidsvg@1.3
Additional Information
Overview
com.caverock.androidsvg is a SVG parser and renderer for Android.
Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the SVG parsing component
The text was updated successfully, but these errors were encountered: