{"id":"MGASA-2023-0126","summary":"Updated python-cairosvg packages fix security vulnerability","details":"CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior\nto version 2.7.0, CairoSVG can send requests to external hosts when\nprocessing SVG files. A malicious actor could send a specially crafted SVG\nfile that allows them to perform a server-side request forgery or denial\nof service. Version 2.7.0 disables CairoSVG's ability to access other\nfiles online by default. (CVE-2023-27586)\n\nOn Mageia 8 the fixed package is python-cairosvg 2.5.1-1.2.mga8, so the\npackage version stays below the upstream 2.7.0 mentioned above.\n","modified":"2026-04-16T04:44:15.692882542Z","published":"2023-04-06T21:20:12Z","upstream":["CVE-2023-27586"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0126.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=31730"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5HDBMOMLE6GFKXPLKIWFWM2Q6V4DQKXP/"},{"type":"ADVISORY","url":"https://github.com/Kozea/CairoSVG/security/advisories/GHSA-rwmf-w63j-p7gv"}],"affected":[{"package":{"name":"python-cairosvg","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/python-cairosvg?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.5.1-1.2.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0126.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}