CVE-2017-0372

Parameters injection in SyntaxHighlight results in multiple vulnerabilities

EPSS 11.7%

Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.

Produtos afetados

mediawiki · mediawiki (SyntaxHighlight extension)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://bugs.debian.org/861585 https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html https://phabricator.wikimedia.org/T158689 https://security-tracker.debian.org/tracker/CVE-2017-0372