Headline
CVE-2022-0565: Svg sanitization (#11386) · pimcore/pimcore@7697f70
Exposure of Sensitive Information to an Unauthorized Actor in Packagist pimcore/pimcore prior to 10.3.1.
Commit
Svg sanitization (#11386)
* setting up the svg sanitizer on logo and assets upload
* more detailed exception message
* changed to mime type check instead of file extension
* adding the sanitization to “Upload new version”
* refactor to sanitize on preAdd/preUpdate, rollback AssetController.php
* fix resource|string, null given on mime_content_type
* using symfony mime component + small tweaks
* avoiding save without changes case
* tweak when checking if is image type