CVE-2021-41118
MEDIUM 5.3
Description
The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. In affected versions, unsanitised input of regular expression date within the parameters of the DPL parser function allowed for the possibility of ReDoS (Regex Denial of Service). This has been resolved in version 3.3.6. If you are unable to update, you may also set `$wgDplSettings['functionalRichness'] = 0;` or disable DynamicPageList3 to mitigate.
CVE details
CVSS v3.1 score: 5.3
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack vector: NETWORK
Complexity: HIGH
Privileges required: NONE
User interaction: REQUIRED
Published: 10/4/2021
Last modified: 11/21/2024
Source: nvd
Honeypot observations: 0
Affected products
dynamicpagelist3_project:dynamicpagelist3
Weaknesses (CWE)
CWE-400
References
https://github.com/Universal-Omega/DynamicPageList3/commit/2c04dafb37a14d9ccfe070f53e7f11bbca0156e7 (security-advisories@github.com)
https://github.com/Universal-Omega/DynamicPageList3/releases/tag/3.3.6 (security-advisories@github.com)
https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-8f24-q75c-jhf4 (security-advisories@github.com)
https://github.com/Universal-Omega/DynamicPageList3/commit/2c04dafb37a14d9ccfe070f53e7f11bbca0156e7 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/Universal-Omega/DynamicPageList3/releases/tag/3.3.6 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-8f24-q75c-jhf4 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.