When URL parsers disagree (CVE-2023-38633, librsvg)

www.canva.dev

cross-posted to:
rust@programming.dev

When URL parsers disagree (CVE-2023-38633, librsvg)

www.canva.dev

bot@lemmy.smeargle.fansMB to Hacker News@lemmy.smeargle.fans · 2 years ago

cross-posted to:
rust@programming.dev

When URL parsers disagree (CVE-2023-38633) - Canva Engineering Blog

www.canva.dev

Discovery and walkthrough of CVE-2023-38633 in librsvg, when two URL parser implementations (Rust and Glib) disagree on file scheme parsing leading to path traversal.

HN Discussion

You must log in or # to comment.

Chat

Hacker News@lemmy.smeargle.fans

hackernews@lemmy.smeargle.fans

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !hackernews@lemmy.smeargle.fans

Community locked: only moderators can create posts. You can still comment on posts.

A mirror of Hacker News’ best submissions.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

2 users / day
2 users / week
2 users / month
24 users / 6 months
1 local subscriber
2.17K subscribers
16.3K Posts
4.14K Comments
Modlog

mods:
bot@lemmy.smeargle.fans