Description
A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://fortiguard.com/zeroday/FG-VD-19-115
Patch, Third Party Advisory x_refsource_misc
https://git.drupalcode.org/project/svg_sanitizer/commit/e1b0666
Scores
CVSS v3
7.5
EPSS
0.0038
EPSS Percentile
59.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-732
Status
published
Products (2)
drupal/svg_sanitizer
8.x-1.0 alpha1
drupal/svg_sanitizer
< 7.x-1.5
Published
Nov 11, 2019
Tracked Since
Feb 18, 2026