CVE Vulnerability

CVE-2021-41118

The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. In affected versions unsanitised input of regular expression date within the parameters of the DPL parser function, allowed for the possibility of ReDoS (Regex Denial of Service). This has been resolved in version 3.3.6. If you are unable to update you may also set `$wgDplSettings['functionalRichness'] = 0;` or disable DynamicPageList3 to mitigate.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

Scope

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/Universal-Omega/DynamicPageList3/commit/2c04dafb37a14d9ccfe070f53e7f11bbca0156e7 Patch Third Party Advisory
https://github.com/Universal-Omega/DynamicPageList3/releases/tag/3.3.6 Release Notes Third Party Advisory
https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-8f24-q75c-jhf4 Mitigation Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:dynamicpagelist3_project:dynamicpagelist3:*:*:*:*:*:mediawiki:*:*
Information

Published : 2021-10-04 07:15

Updated : 2021-10-12 07:31

NVD link : CVE-2021-41118

Mitre link : CVE-2021-41118

Products Affected
No products.
CWE
CWE-400