Lancern's Treasure Chest
18:23 · Sep 5, 2023 · Tue
When URL parsers disagree (CVE-2023-38633)
Comments
via serce@users.lobste.rs (serce)
canva.dev
When URL parsers disagree (CVE-2023-38633) - Canva Engineering Blog
Discovery and walkthrough of CVE-2023-38633 in librsvg, when two URL parser implementations (Rust and Glib) disagree on file scheme parsing leading to path traversal.
Home
Powered by
BroadcastChannel
&
Sepia
