CVE-2017-0372
Severity | Medium |
Remote | Yes |
Type | Cross-site scripting |
Description | The SyntaxHighlight extension in MediaWiki before 1.28.1 does not properly validate the 'start' parameter before passing it to Pygments. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-259 | mediawiki | 1.28.1-1 | 1.28.2-1 | Medium | Fixed | |
References |
---|
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html |
https://phabricator.wikimedia.org/T158689 |
Notes |
---|
Apparently the fix is _not_, I repeat _not_, included in the 1.28.1 tarball: https://phabricator.wikimedia.org/T158689 |