Products
Mediawiki - CSS Extension
- 1.42.X before 1.42.2
- 1.41.X before 1.41.3
- 1.39.X before 1.39.9
Source
c4f26cc8-17ff-4c99-b5e2-38fc1793eacc
Tags
CVE-2024-47841 details
Published : Oct. 5, 2024, 2:15 a.m.
Last Modified : Oct. 5, 2024, 2:15 a.m.
Last Modified : Oct. 5, 2024, 2:15 a.m.
Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Path Traversal.This issue affects Mediawiki - CSS Extension: from 1.42.X before 1.42.2, from 1.41.X before 1.41.3, from 1.39.X before 1.39.9.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
References
URL | Source |
---|---|
https://gerrit.wikimedia.org/r/q/I46613d8d50fc978bdac58e2b312ee03324c1edc8 | c4f26cc8-17ff-4c99-b5e2-38fc1793eacc |
https://phabricator.wikimedia.org/T368628 | c4f26cc8-17ff-4c99-b5e2-38fc1793eacc |
https://phabricator.wikimedia.org/T369486 | c4f26cc8-17ff-4c99-b5e2-38fc1793eacc |
This website uses the NVD API, but is not approved or certified by it.