An SSRF vulnerability in SVG Salamander may allow remote attackers to forge illegitimate requests.
| Package | dev-java/svgsalamander on all architectures |
|---|---|
| Affected versions | <= 0.0-r2 |
| Unaffected versions | |
SVG Salamander is a lightweight SVG renderer and animator for Java.
A Server-Side Request Forgery was discovered in SVG Salamander.
An attacker can conduct an SSRF attack by sending a specially crafted SVG file.
There is no known workaround at this time.
Gentoo has discontinued support for SVG Salamander. We recommend that users unmerge SVG Salamander:
# emerge --unmerge "dev-java/svgsalamander"
Release date
March 14, 2020
Latest revision
March 14, 2020: 1
Severity
normal
Exploitable
remote
Bugzilla entries