CVE-2017-0367 - log back

CVE-2017-0367 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Arbitrary code execution
Description
+ MediaWiki before 1.28.1 uses the default system temporary directory for the LocalisationCache directory, allowing a local attacker to execute arbitrary code as the web user by crafting a cache file whose content will be passe to unserialize().
References
+ https://phabricator.wikimedia.org/T161453
+ https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
Notes