PT-2018-5261 · Pepperminty · Pepperminty-Wiki

Prodigysml

Published

2018-01-03

Updated

2020-10-19

CVE-2017-1000497

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Pepperminty-Wiki version 0.15

Description The issue concerns an XXE (XML External Entity) attack in the getsvgsize function, potentially leading to denial of service and possibly remote code execution.

Recommendations For Pepperminty-Wiki version 0.15, consider disabling the getsvgsize function as a temporary workaround until a patch is available.

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2017-1000497

Affected Products

Pepperminty-Wiki

PT-2018-5261 · Pepperminty · Pepperminty-Wiki

CVE-2017-1000497

Weakness Enumeration

Related Identifiers

Affected Products

References · 3