CVE-2021-41118

Опубликовано: 04 окт. 2021

Источник: nvd

CVSS3: 5.3

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. In affected versions unsanitised input of regular expression date within the parameters of the DPL parser function, allowed for the possibility of ReDoS (Regex Denial of Service). This has been resolved in version 3.3.6. If you are unable to update you may also set $wgDplSettings['functionalRichness'] = 0; or disable DynamicPageList3 to mitigate.

Ссылки

https://github.com/Universal-Omega/DynamicPageList3/commit/2c04dafb37a14d9ccfe070f53e7f11bbca0156e7
Patch
Third Party Advisory
https://github.com/Universal-Omega/DynamicPageList3/releases/tag/3.3.6
Release Notes
Third Party Advisory
https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-8f24-q75c-jhf4
Mitigation
Third Party Advisory
https://github.com/Universal-Omega/DynamicPageList3/commit/2c04dafb37a14d9ccfe070f53e7f11bbca0156e7
Patch
Third Party Advisory
https://github.com/Universal-Omega/DynamicPageList3/releases/tag/3.3.6
Release Notes
Third Party Advisory
https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-8f24-q75c-jhf4
Mitigation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dynamicpagelist3_project:dynamicpagelist3:*:*:*:*:*:mediawiki:*:*

Версия до 3.3.6 (исключая)

EPSS

Процентиль: 58%

0.00366

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400

EPSS

Процентиль: 58%

0.00366

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400