PT-2023-20670 · Xwiki · Xwiki Platform

Michael Hamann

·

Published

2023-03-02

·

Updated

2023-03-10

·

CVE-2023-26479

CVSS v3.1

6.5

Medium

Vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

XWiki Platform versions prior to 13.10.10
XWiki Platform versions prior to 14.4.6
XWiki Platform versions prior to 14.9-rc-1
Description

The issue allows any user with write rights to insert well-formed content that the parser does not handle well, leading to a StackOverflowError when the page is rendered. Pages that include the affected content become unusable, including the user index and the page index: the normal UI is completely missing on those pages, and it is not possible to open the editor directly to revert the change, so the denial of service persists until the content is removed by other means. The impact is limited to availability (CVSS A:H, no confidentiality or integrity impact). A temporary workaround is to increase the thread stack size of the JVM with the -Xss parameter.
Recommendations

For versions prior to 13.10.10, upgrade to version 13.10.10 or later.
For versions prior to 14.4.6, upgrade to version 14.4.6 or later.
For versions prior to 14.9-rc-1, upgrade to version 14.9-rc-1 or later.

As a temporary workaround, increase the thread stack size of the JVM with the -Xss parameter (e.g., -Xss32m) so that the parser can get through the offending content and the page can be edited to remove it. This is only a stopgap: a larger stack raises the nesting depth needed to trigger the error but does not prevent the issue from occurring again with other content.
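To make the failure mode and the fix concrete, here is an added example that is not code from XWiki or from this advisory. It is a toy recursive-descent parser for a made-up nested-group syntax such as a(b(c)) (the real trigger content is not described on this page, and this syntax is not XWiki's). The naive parser uses one Java frame per open group, so the depth it survives depends only on the thread stack size (-Xss); the bounded parser applies the same grammar but rejects nesting beyond an assumed MAX_DEPTH with an ordinary exception that the caller can handle. Both the syntax and the limit value are assumptions for the demo.

```java
// Added example, not code from XWiki or the advisory: a toy recursive-descent
// parser for a made-up nested-group syntax "a(b(c))" that shows the failure
// mode the advisory describes (well-formed input exhausting the thread stack)
// and the usual fix (an explicit nesting limit raised as a normal exception).
// Requires Java 11+ for String.repeat.
public class NestingDepthDemo {

    /** Maximum nesting the bounded parser accepts. The value is an assumption
     *  for this demo; a real parser would derive it from its document model. */
    static final int MAX_DEPTH = 256;

    /** Naive parser: one Java frame per open '(', so the depth it survives is
     *  set by the thread stack size (-Xss), not by the parser. */
    static int parseRecursive(String s) {
        return parse(s, Integer.MAX_VALUE);
    }

    /** Bounded parser: identical grammar, but refuses input nested deeper than
     *  MAX_DEPTH with an IllegalArgumentException instead of a StackOverflowError. */
    static int parseBounded(String s) {
        return parse(s, MAX_DEPTH);
    }

    /** Returns the maximum nesting depth of s; throws on unbalanced parentheses. */
    private static int parse(String s, int maxDepth) {
        int[] pos = {0};
        int depth = group(s, pos, 0, maxDepth);
        if (pos[0] != s.length()) {
            throw new IllegalArgumentException("stray ')' at offset " + pos[0]);
        }
        return depth;
    }

    private static int group(String s, int[] pos, int depth, int maxDepth) {
        if (depth > maxDepth) {
            throw new IllegalArgumentException("nesting deeper than " + maxDepth);
        }
        int max = depth;
        while (pos[0] < s.length()) {
            char c = s.charAt(pos[0]++);
            if (c == '(') {
                max = Math.max(max, group(s, pos, depth + 1, maxDepth)); // recursion
            } else if (c == ')') {
                if (depth == 0) {
                    pos[0]--;          // top level: leave it for parse() to report
                }
                return max;            // close this group
            }
            // any other character is plain text inside the current group
        }
        if (depth > 0) {
            throw new IllegalArgumentException("unclosed '('");
        }
        return max;
    }

    public static void main(String[] args) {
        System.out.println("depth of a(b(c)d)e = " + parseRecursive("a(b(c)d)e")); // 2

        // Constructed input: perfectly balanced, so it is "well-formed", but nested
        // far deeper than a default thread stack can hold frames for.
        int n = 1_000_000;
        String deep = "(".repeat(n) + ")".repeat(n);

        try {
            parseRecursive(deep);
            System.out.println("naive parser survived; try a smaller -Xss");
        } catch (StackOverflowError e) {
            System.out.println("naive parser: StackOverflowError (raising -Xss only moves this threshold)");
        }

        try {
            parseBounded(deep);
        } catch (IllegalArgumentException e) {
            System.out.println("bounded parser rejected input: " + e.getMessage());
        }
    }
}
```

Compile with javac NestingDepthDemo.java and run it once as java NestingDepthDemo and once as java -Xss32m NestingDepthDemo: the bounded parser rejects the deep input identically both times, while the depth at which the naive parser overflows shifts with the stack size, which is exactly why the -Xss workaround in the advisory is a stopgap rather than a fix.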

Exploit

Fix

DoS

Improper Handling of Exceptional Conditions


Weakness Enumeration

CWE-755: Improper Handling of Exceptional Conditions

Related Identifiers

CVE-2023-26479
GHSA-52VF-HVV3-98H7

Affected Products

Xwiki Platform