CVE-2020-29007

Name of the Vulnerable Software and Affected Versions The Score extension for MediaWiki versions through 0.3.0

Description The issue is related to improper sandboxing of the GNU LilyPond executable, leading to a remote code execution vulnerability. This vulnerability allows any user with the ability to edit articles, potentially including unauthenticated anonymous users, to execute arbitrary Scheme or shell code. The exploitation occurs through crafted {{Image data used to generate musical scores containing malicious code.

Recommendations For The Score extension for MediaWiki versions through 0.3.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.