When URL parsers disagree (CVE-2023-38633, librsvg)
When URL parsers disagree (CVE-2023-38633, librsvg)
www.canva.dev When URL parsers disagree (CVE-2023-38633) - Canva Engineering Blog
Discovery and walkthrough of CVE-2023-38633 in librsvg, when two URL parser implementations (Rust and Glib) disagree on file scheme parsing leading to path traversal.
There is a discussion on Hacker News, but feel free to comment here as well.
0 comments