CVE-2017-0370 log
Source |
|
Severity | Medium |
Remote | Yes |
Type | Insufficient validation |
Description | The spam blacklist in MediaWiki before 1.28.1 could be bypassed by encoding URLs inside a file inclusion syntax's link parameter. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-236 | mediawiki | 1.28.0-1 | 1.28.1-1 | High | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
07 Apr 2017 | ASA-201704-3 | AVG-236 | mediawiki | High | multiple issues |
References |
---|
https://phabricator.wikimedia.org/T48143 https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html |