[wp-trac] [WordPress Trac] #26256: SVG images get width and height attributes with values of 1
WordPress Trac
noreply at wordpress.org
Sun Jul 6 08:49:09 UTC 2014
#26256: SVG images get width and height attributes with values of 1
-------------------------------------+------------------------------
Reporter: lippe | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Media | Version:
Severity: normal | Resolution:
Keywords: has-patch needs-testing | Focuses:
-------------------------------------+------------------------------
Comment (by johnbillion):
Replying to [comment:11 ericlewis]:
> What are the security worries here?
The main issue is [http://www.acunetix.com/blog/web-security-zone/articles
/xml-external-entity-xxe-vulnerabilities/ XXE attacks], but there are
others such as recursive entity expansion bombs.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/26256#comment:12>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list