Bug #96990

closed

Update enshrined/svg-sanitize to v0.15.0

Added by Leo Viezens over 2 years ago. Updated over 2 years ago.

Status: Closed
Priority: Should have
Assignee:
Category: Security
Target version: -
Start date: 2022-02-22
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 9
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

From GitHub (https://github.com/advisories/GHSA-fqx8-v33p-4qcc):

SVG sanitizer library before version 0.15.0 did not remove HTML elements wrapped in a CDATA section. As a result, SVG content embedded in HTML (fetched as text/html) was susceptible to cross-site scripting.

TYPO3 9.5 currently uses enshrined/svg-sanitize:^0.14. This should get updated to enshrined/svg-sanitize:^0.15.
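
Why the constraint itself has to change, as an added example (not TYPO3 or svg-sanitize code): under Composer's caret rules `^0.14` means `>=0.14.0 <0.15.0`, so `composer update` alone can never install the fixed 0.15.0. The script checks a `composer.lock` and a plain caret constraint against that fix version; the lock content is constructed sample data and all function names are illustrative.

```python
import json
import re

PACKAGE = "enshrined/svg-sanitize"
FIXED = (0, 15, 0)  # first fixed release per the advisory quoted in this issue

def parse_version(text):
    """'0.14.1' -> (0, 14, 1); 'v0.15' -> (0, 15, 0)."""
    m = re.fullmatch(r"v?(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def caret_range(constraint):
    """Return (low, high), low <= allowed < high, for a plain ^x[.y[.z]]."""
    m = re.fullmatch(r"\^v?(\d+)(?:\.(\d+))?(?:\.(\d+))?", constraint.strip())
    if not m:
        raise ValueError(f"only plain caret constraints are handled: {constraint!r}")
    major, minor, patch = m.groups()
    low = (int(major), int(minor or 0), int(patch or 0))
    if low[0] != 0 or minor is None:      # ^1.2   -> <2.0.0
        high = (low[0] + 1, 0, 0)
    elif low[1] != 0 or patch is None:    # ^0.14  -> <0.15.0
        high = (0, low[1] + 1, 0)
    else:                                 # ^0.0.3 -> <0.0.4
        high = (0, 0, low[2] + 1)
    return low, high

def locked_version(lock_json):
    """Version of PACKAGE pinned in a composer.lock document, or None."""
    lock = json.loads(lock_json)
    for pkg in (lock.get("packages") or []) + (lock.get("packages-dev") or []):
        if pkg.get("name") == PACKAGE:
            return parse_version(pkg["version"])
    return None

def audit(constraint, lock_json):
    installed = locked_version(lock_json)
    return {
        "installed_vulnerable": installed is not None and installed < FIXED,
        "constraint_can_reach_fix": caret_range(constraint)[1] > FIXED,
    }

# Constructed sample lock file: one package pinned below the fixed release.
SAMPLE_LOCK = json.dumps({"packages": [{"name": PACKAGE, "version": "0.14.1"}]})

if __name__ == "__main__":
    for constraint in ("^0.14", "^0.15"):
        print(constraint, audit(constraint, SAMPLE_LOCK))
```
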


Related issues 1 (0 open, 1 closed)

Is duplicate of TYPO3 Core - Bug #96901: Upgrade enshrined/svg-sanitize to ^0.15 (Closed, 2022-02-15)
