ALT-PU-2021-2069-1
Package mediawiki-extensions-Widgets updated to version 1.3.0-alt1git for branch sisyphus in task 276124.
Closed vulnerabilities
Published: 2020-12-22
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-35625
An issue was discovered in the Widgets extension for MediaWiki through 1.35.1. Any user with the ability to edit pages within the Widgets namespace could call any static function within any class (defined within PHP or MediaWiki) via a crafted HTML comment, related to a Smarty template. For example, a person in the Widget Editors group could use \MediaWiki\Shell\Shell::command within a comment.
Severity: HIGH (8.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2020-02-25
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-9382
An issue was discovered in the Widgets extension through 1.4.0 for MediaWiki. Improper title sanitization allowed for the execution of any wiki page as a widget (as defined by this extension) via MediaWiki's {{#widget:}} parser function.
Severity: MEDIUM (5.4)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
References: