CVE-2023-36674
MEDIUM 5.3 | EPSS 0.04% | Published: 2023/8/20 | Modified: 2026/4/28
Description
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax.
Affected packages (2)
- Bitnami/mediawiki: from 0, < 1.35.11, >= 1.36.0, < 1.38.7, >= 1.39.0, < 1.39.4, >= 1.40.0, < 1.40.1
- Debian/mediawiki: from 0, < 1:1.35.11-1~deb11u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
References (6)
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2023-36674
- WEB: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/
- WEB: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/
- WEB: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/
- WEB: https://nvd.nist.gov/vuln/detail/CVE-2023-36674
- WEB: https://phabricator.wikimedia.org/T335612