Joxean Koret discovered that the Python SVG import plugin in dia, a vector-oriented diagram editor, does not properly sanitise data read from an SVG file, so the program can be made to execute arbitrary Python code.