SVG Salamander: Server-Side Request Forgery

SVG Salamander: Server-Side Request Forgery A SSRF may allow remote attackers to forge illegitimate requests. svgsalamander 2020-03-14 2020-03-14 607720 remote 0.0-r2

SVG Salamander is a light weight SVG renderer and animator for Java.

A Server-Side Request Forgery was discovered in SVG Salamander.

An attacker, by sending a specially crafted SVG file, can conduct SSRF.

There is no known workaround at this time.

Gentoo has discontinued support for SVG Salamander. We recommend that users unmerge SVG Salamander:


      # emerge --unmerge "dev-java/svgsalamander"

CVE-2017-5617 b-man b-man