---

CVE-2017-0370 - log back

CVE-2017-0370 created at 25 Sep 2019 19:31:40
Severity	+ Medium
Remote	+ Remote
Type	+ Insufficient validation
Description	+ The spam blacklist in MediaWiki before 1.28.1 could be bypassed by encoding URLs inside a file inclusion syntax's link parameter.
References	+ https://phabricator.wikimedia.org/T48143 + https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
Notes