- Description
- Jirafeau normally prevents browser preview for SVG files because manipulated SVG files could be exploited for cross-site scripting. This was done by storing the MIME type of a file and preventing browser preview for the MIME type image/svg+xml. This issue was first reported in CVE-2022-30110. However, it was still possible to get a browser preview of an SVG file by sending a manipulated MIME type during the upload, in which the case of any letter in image/svg+xml had been changed (for example image/svg+XML). The check for image/svg+xml has been changed to be case insensitive.
- Source
- cve@gitlab.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- cve@gitlab.com
- CWE-79
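
The flaw in the description above, shown as an added PHP example that is not Jirafeau's own code: the exact-match check beside a case-insensitive one, plus a helper that flags stored MIME types differing from image/svg+xml only by letter case. All function names, file ids and sample values are constructed for illustration.

```php
<?php
// Added illustration, not Jirafeau's source. All names here are hypothetical.

const NO_PREVIEW_TYPE = 'image/svg+xml';

// Flawed form: exact, case-sensitive match on the type the uploader supplied.
function preview_allowed_exact(string $storedMime): bool
{
    return $storedMime !== NO_PREVIEW_TYPE;
}

// Corrected form: media type names are case-insensitive, so compare that way.
// strcasecmp() returns 0 when the two strings are equal ignoring case.
function preview_allowed_nocase(string $storedMime): bool
{
    return strcasecmp($storedMime, NO_PREVIEW_TYPE) !== 0;
}

// Audit helper: return the entries whose stored type passes the exact check
// but fails the case-insensitive one, i.e. uploads the old check would have
// let through to browser preview.
function find_case_variants(array $storedTypes): array
{
    return array_filter(
        $storedTypes,
        fn(string $mime): bool =>
            preview_allowed_exact($mime) && !preview_allowed_nocase($mime)
    );
}

// Constructed sample metadata (file id => stored MIME type): the canonical
// type, the variant quoted in the description, another case variant, and an
// unrelated image type.
$stored = [
    'file-a' => 'image/svg+xml',
    'file-b' => 'image/svg+XML',
    'file-c' => 'Image/Svg+Xml',
    'file-d' => 'image/png',
];

foreach ($stored as $id => $mime) {
    printf("%-7s %-15s exact: %-8s nocase: %s\n", $id, $mime,
        preview_allowed_exact($mime) ? 'preview' : 'blocked',
        preview_allowed_nocase($mime) ? 'preview' : 'blocked');
}

echo "Case variants to review: ", implode(', ', array_keys(find_case_variants($stored))), "\n";
```

Running the audit helper over the MIME types already stored by an instance shows whether any earlier upload relied on a case variant before the check was corrected.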