{"id":"CVE-2017-0372","details":"Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.","modified":"2026-04-10T03:46:11.850807Z","published":"2018-04-13T16:29:00.940Z","references":[{"type":"ADVISORY","url":"https://bugs.debian.org/861585"},{"type":"REPORT","url":"https://security-tracker.debian.org/tracker/CVE-2017-0372"},{"type":"FIX","url":"https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"},{"type":"FIX","url":"https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html"},{"type":"EVIDENCE","url":"https://phabricator.wikimedia.org/T158689"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wikimedia/mediawiki","events":[{"introduced":"0"},{"last_affected":"49aff6403bb75ab69baaa369ce87920333ba59d6"},{"introduced":"0"},{"last_affected":"758cd9d2371d529450448cdf7eb2f1f6e099cfee"},{"introduced":"0"},{"last_affected":"a52d35d56c78918d8680cd27b6d6df5a1bbbc45b"},{"introduced":"0"},{"last_affected":"1c409c54d4ed3767d216b2a332ae1daeef357909"},{"introduced":"0"},{"last_affected":"34bc8899bf68e011fde9113c6857853cf91df0b8"},{"introduced":"0"},{"last_affected":"819c0d21addeed5336244cb9b776fe83a7b2279e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.23.15"},{"introduced":"0"},{"last_affected":"1.27.0"},{"introduced":"0"},{"last_affected":"1.27.1"},{"introduced":"0"},{"last_affected":"1.27.2"},{"introduced":"0"},{"last_affected":"1.28.0"},{"introduced":"0"},{"last_affected":"1.28.1"}]}}],"versions":["1.1.0","1.23.0","1.23.0-rc.1","1.23.0-rc.2","1.23.0-rc.3","1.23.0rc0","1.23.1","1.23.10","1.23.11","1.23.12","1.23.13","1.23.14","1.23.15","1.23.2","1.23.3","1.23.4","1.23.5","1.23.6","1.23.7","1.23.8","1.23.9","1.27.0","1.27.0-rc.0","1.27.0-rc.1","1.27.1","1.27.2","1.28.0","1.28.0-rc.0","1.28.0-rc.1","1.28.1","1.3.0beta1","1.5.0alpha1","1.5.0alpha2","1.5.0beta1","1.5.0beta2","1.5.0beta3","1.5.0beta4","1.6.0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-0372.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}