Vulnerability Description
The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. In affected versions, unsanitised regular expression input within the parameters of the DPL parser function allowed for the possibility of ReDoS (Regex Denial of Service). This has been resolved in version 3.3.6. If you are unable to update, you may also set `$wgDplSettings['functionalRichness'] = 0;` or disable DynamicPageList3 to mitigate.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dynamicpagelist3 Project | Dynamicpagelist3 | < 3.3.6 |
Related Weaknesses (CWE)
References
- https://github.com/Universal-Omega/DynamicPageList3/commit/2c04dafb37a14d9ccfe07 (Patch, Third Party Advisory)
- https://github.com/Universal-Omega/DynamicPageList3/releases/tag/3.3.6 (Release Notes, Third Party Advisory)
- https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-8f2 (Mitigation, Third Party Advisory)
FAQ
What is CVE-2021-41118?
CVE-2021-41118 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. In affected versions unsanitised input of regular express...
How severe is CVE-2021-41118?
CVE-2021-41118 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-41118?
Check the references section above for vendor advisories and patch information. Affected products include: Dynamicpagelist3 Project Dynamicpagelist3.