Search
Find a vulnerability
Search criteria
2 vulnerabilities found for mediawiki (SyntaxHighlight extension) by mediawiki
CVE-2017-0372 (GCVE-0-2017-0372)
Vulnerability from nvd – Published: 2018-04-13 16:00 – Updated: 2024-09-16 16:27
VLAI
Title
Parameters injection in SyntaxHighlight results in multiple vulnerabilities
Summary
Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.
Severity
No CVSS data available.
CWE
- parameter injection
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://lists.wikimedia.org/pipermail/mediawiki-a… | mailing-listx_refsource_MLIST |
| https://lists.wikimedia.org/pipermail/mediawiki-a… | mailing-listx_refsource_MLIST |
| https://bugs.debian.org/861585 | x_refsource_MISC |
| https://phabricator.wikimedia.org/T158689 | x_refsource_CONFIRM |
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mediawiki | mediawiki (SyntaxHighlight extension) |
Affected:
n/a
|
Date Public
2017-04-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:03:57.018Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
},
{
"name": "[mediawiki-announce] 20170430 Security release 1.27.3 and 1.28.2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/861585"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://phabricator.wikimedia.org/T158689"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2017-0372"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mediawiki (SyntaxHighlight extension)",
"vendor": "mediawiki",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-04-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "parameter injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-13T15:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
},
{
"name": "[mediawiki-announce] 20170430 Security release 1.27.3 and 1.28.2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/861585"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://phabricator.wikimedia.org/T158689"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2017-0372"
}
],
"source": {
"advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html",
"discovery": "UNKNOWN"
},
"title": "Parameters injection in SyntaxHighlight results in multiple vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"DATE_PUBLIC": "2017-04-06T20:49:00.000Z",
"ID": "CVE-2017-0372",
"STATE": "PUBLIC",
"TITLE": "Parameters injection in SyntaxHighlight results in multiple vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mediawiki (SyntaxHighlight extension)",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "mediawiki"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "parameter injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
"refsource": "MLIST",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
},
{
"name": "[mediawiki-announce] 20170430 Security release 1.27.3 and 1.28.2",
"refsource": "MLIST",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html"
},
{
"name": "https://bugs.debian.org/861585",
"refsource": "MISC",
"url": "https://bugs.debian.org/861585"
},
{
"name": "https://phabricator.wikimedia.org/T158689",
"refsource": "CONFIRM",
"url": "https://phabricator.wikimedia.org/T158689"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2017-0372",
"refsource": "CONFIRM",
"url": "https://security-tracker.debian.org/tracker/CVE-2017-0372"
}
]
},
"source": {
"advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2017-0372",
"datePublished": "2018-04-13T16:00:00.000Z",
"dateReserved": "2016-11-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:27:46.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0372 (GCVE-0-2017-0372)
Vulnerability from cvelistv5 – Published: 2018-04-13 16:00 – Updated: 2024-09-16 16:27
VLAI
Title
Parameters injection in SyntaxHighlight results in multiple vulnerabilities
Summary
Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.
Severity
No CVSS data available.
CWE
- parameter injection
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://lists.wikimedia.org/pipermail/mediawiki-a… | mailing-listx_refsource_MLIST |
| https://lists.wikimedia.org/pipermail/mediawiki-a… | mailing-listx_refsource_MLIST |
| https://bugs.debian.org/861585 | x_refsource_MISC |
| https://phabricator.wikimedia.org/T158689 | x_refsource_CONFIRM |
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mediawiki | mediawiki (SyntaxHighlight extension) |
Affected:
n/a
|
Date Public
2017-04-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:03:57.018Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
},
{
"name": "[mediawiki-announce] 20170430 Security release 1.27.3 and 1.28.2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/861585"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://phabricator.wikimedia.org/T158689"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2017-0372"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mediawiki (SyntaxHighlight extension)",
"vendor": "mediawiki",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-04-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "parameter injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-13T15:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
},
{
"name": "[mediawiki-announce] 20170430 Security release 1.27.3 and 1.28.2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/861585"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://phabricator.wikimedia.org/T158689"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2017-0372"
}
],
"source": {
"advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html",
"discovery": "UNKNOWN"
},
"title": "Parameters injection in SyntaxHighlight results in multiple vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"DATE_PUBLIC": "2017-04-06T20:49:00.000Z",
"ID": "CVE-2017-0372",
"STATE": "PUBLIC",
"TITLE": "Parameters injection in SyntaxHighlight results in multiple vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mediawiki (SyntaxHighlight extension)",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "mediawiki"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "parameter injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
"refsource": "MLIST",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
},
{
"name": "[mediawiki-announce] 20170430 Security release 1.27.3 and 1.28.2",
"refsource": "MLIST",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html"
},
{
"name": "https://bugs.debian.org/861585",
"refsource": "MISC",
"url": "https://bugs.debian.org/861585"
},
{
"name": "https://phabricator.wikimedia.org/T158689",
"refsource": "CONFIRM",
"url": "https://phabricator.wikimedia.org/T158689"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2017-0372",
"refsource": "CONFIRM",
"url": "https://security-tracker.debian.org/tracker/CVE-2017-0372"
}
]
},
"source": {
"advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2017-0372",
"datePublished": "2018-04-13T16:00:00.000Z",
"dateReserved": "2016-11-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:27:46.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}