CVE-2023-28426

Publication date 20 March 2023

Last updated 4 August 2025

Ubuntu priority

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: GHSA-xrqq-wqh4-5hg2. Reason: Further investigation showed that this CVE was assigned in error. Notes: See https://github.com/darylldoyle/svg-sanitizer/issues/88 for a technical discussion.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
spip	22.10 kinetic	Ignored end of life, was needs-triage
	22.04 LTS jammy	Not affected
	20.04 LTS focal	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Ignored end of standard support

How can I get the fixes?
What do statuses mean?

Notes

ccdm94

spip includes an embedded copy of svg-sanitizer.

References

MITRE
NVD
Launchpad
Debian

Other references

https://github.com/darylldoyle/svg-sanitizer/commit/cce18bc237c05c6e093e9672db7926788da9b322
https://github.com/darylldoyle/svg-sanitizer/security/advisories/GHSA-xrqq-wqh4-5hg2
https://www.cve.org/CVERecord?id=CVE-2023-28426