CVE-2017-0370

Опубликовано: 13 апр. 2018

Источник: debian

Описание

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
mediawiki	fixed	1:1.27.2-1		package
mediawiki	end-of-life		wheezy	package

Примечания

https://phabricator.wikimedia.org/T48143
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html

Связанные уязвимости

CVE-2017-0370

CVSS3: 5.3

ubuntu

почти 8 лет назад

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter.

CVE-2017-0370

CVSS3: 4.3

redhat

около 11 лет назад

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter.

CVE-2017-0370

CVSS3: 5.3

nvd

почти 8 лет назад

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter.

GHSA-ww8x-gvqv-rgpp

CVSS3: 5.3

github

больше 3 лет назад

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter.