A SSRF may allow remote attackers to forge illegitimate requests.
|Package||dev-java/svgsalamander on all architectures|
|Affected versions||<= 0.0-r2|
SVG Salamander is a light weight SVG renderer and animator for Java.
A Server-Side Request Forgery was discovered in SVG Salamander.
An attacker, by sending a specially crafted SVG file, can conduct SSRF.
There is no known workaround at this time.
Gentoo has discontinued support for SVG Salamander. We recommend that users unmerge SVG Salamander:
# emerge --unmerge "dev-java/svgsalamander"
March 14, 2020
March 14, 2020: 1