Описание
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| mediawiki | fixed | 1:1.27.4-1 | package | |
| mediawiki | end-of-life | wheezy | package |
Примечания
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
https://phabricator.wikimedia.org/T119158
Связанные уязвимости
CVSS3: 7.5
ubuntu
около 8 лет назад
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.
CVSS3: 7.5
nvd
около 8 лет назад
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.
CVSS3: 7.5
github
больше 3 лет назад
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.