Vulnerability Details : CVE-2023-29134
An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. There is mishandling of backticks to smartSplit.
Products affected by CVE-2023-29134
Exploit prediction scoring system (EPSS) score for CVE-2023-29134
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~13%
Percentile: the proportion of vulnerabilities scored at or below this level
CVSS scores for CVE-2023-29134
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
8.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H | 3.9 | 4.7 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2024-08-02
CWE ids for CVE-2023-29134
- The product receives input or data, but it does not validate, or incorrectly validates, that the input has the properties required to process the data safely and correctly. Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
References for CVE-2023-29134
- https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/900133 - Fix for b50a5a0ae921 for "deferred" formats - patch by TK-999 (If1c5c925) · Gerrit Code Review
- https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/895774 - Disallow backticks (`) in #cargo_query (I8d5aaa4a) · Gerrit Code Review
- https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/898722 - Fix for b50a5a0ae921 for "order by" in "More" link (I862fb1a4) · Gerrit Code Review
- https://phabricator.wikimedia.org/rECRG920f3c19a84175bcfe93f41ecf9f8cef32730f8e - rECRG920f3c19a841
- https://phabricator.wikimedia.org/T331362