Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ReDoS in DynamicPageList3
Vulnerability Description
The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. In affected versions unsanitised input of regular expression date within the parameters of the DPL parser function, allowed for the possibility of ReDoS (Regex Denial of Service). This has been resolved in version 3.3.6. If you are unable to update you may also set `$wgDplSettings['functionalRichness'] = 0;` or disable DynamicPageList3 to mitigate.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
DynamicPageList 资源管理错误漏洞
Vulnerability Description
DynamicPageList是一个动态生成页面链接的MediaWiki扩展,支持属于多个类别的页面的交叉和其他集合操作。 DynamicPageList3 扩展存在资源管理错误漏洞,该漏洞源于DPL 解析器函数的参数中输入了未经处理的正则表达式日期,从而允许出现 ReDoS(正则表达式拒绝服务)。
CVSS Information
N/A
Vulnerability Type
N/A