[ilAdmins] ILIAS Security Issue: SVG Files Uploaded as Media Objects
mjansen at databay.de
Fri Apr 7 15:26:08 CEST 2017
Dear list members,
again a media object related security issue has been identified and
fixed for ILIAS versions >= 5.0. A big "Thank you" goes to researcher
Julian Rittweger for reporting this issue.
It was possible to upload SVG files as media objects (e.g. in wiki
With the latest fix of the responsible code maintainer, SVG files will
be sanitized when uploaded to ILIAS.
We advise strongly to update your ILIAS installation to the latest
on behalf of the ILIAS e.V. and the Technical Board
More information about the ilias-admins