Project

General

Profile

Actions

Bug #100234

closed

Incorporate tests of enshrined/svg-sanitize:v0.16.0

Added by Oliver Hader over 1 year ago. Updated over 1 year ago.

Status:
Rejected
Priority:
Should have
Assignee:
Category:
Security
Target version:
-
Start date:
2023-03-21
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
12
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

It looks like the security release enshrined/svg-sanitize:v0.16.0 did not fix a real vulnerability and was a false-positive:

Passing the two new added test files with the previous version v0.15.4 of that package did not reveal any valid attack vector - all entities are correctly encoded and would not have lead to an exploit in a browser context. This change in the TYPO3 context aims to demonstrate that there is no vulnerability.


Related issues 2 (0 open2 closed)

Related to TYPO3 Core - Task #100233: Upgrade enshrined/svg-sanitize to ^0.16Rejected2023-03-20

Actions
Related to TYPO3 Core - Task #103722: Detected vulnerability with package 'enshrined/svg-sanitize' Closed2024-04-25

Actions
Actions

Also available in: Atom PDF