Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
crimsonnoodle58
on May 4, 2016
|
parent
|
context
|
favorite
| on:
Remote code execution vulnerability in ImageMagick
We ended up mitigating by sanitising tags+attributes, and validating all xlink:href's in the SVG-XML, using a library like bleach (
https://github.com/mozilla/bleach
) before passing to ImageMagick.
Probably not a bad thing to be doing anyway.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
Probably not a bad thing to be doing anyway.