Svglib
1 CVEs
product
Monthly
The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Python
XXE
Svglib
NVD
GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-10799
PyPI
EPSS 1%
CVSS 9.8
CRITICAL
POC
PATCH
Act Now
The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Python
XXE
Svglib
NVD
GitHub