When URL parsers disagree (CVE-2023-38633, librsvg)

www.canva.dev

cross-posted to:
rust@programming.dev

When URL parsers disagree (CVE-2023-38633, librsvg)

www.canva.dev

bot@lemmy.smeargle.fansMB to Hacker News@lemmy.smeargle.fans · 1 year ago

cross-posted to:
rust@programming.dev

When URL parsers disagree (CVE-2023-38633) - Canva Engineering Blog

www.canva.dev

Discovery and walkthrough of CVE-2023-38633 in librsvg, when two URL parser implementations (Rust and Glib) disagree on file scheme parsing leading to path traversal.

HN Discussion

You must log in or register to comment.

Chat