CVE-2017-0366

Published: 13 April 2018

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration.

Priority

Medium

CVSS 3 base score: 5.4

Status

References

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0366
• https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
• NVD
• Launchpad
• Debian

Bugs

• https://phabricator.wikimedia.org/T151735