PhabricatorMiszczyk [ https://seqred.pl/en/cve-2020-29007-remote-code-execution-in-mediawiki-score/

Dec 8 2020, 2:25 PM · MW-1.36-notes (1.36.0-wmf.1; 2020-07-21), MW-1.35-notes (1.35.0-wmf.41; 2020-07-14), Wikimedia-Incident, WMF-General-or-Unknown, MediaWiki-extensions-Score, Security, Security-Team

Jul 4 2020

Miszczyk added a comment to T257062: Lilypond seemingly not subject to restrictions (CVE-2020-29007).
In T257062#6278732, @faidon wrote:
  • All in all, I think this needs to be discussed with upstream, to hopefully result into a mindset shift with regards to whether input is considered trusted or untrusted by default. In its current state, I don't think it's reasonable for users to even run this on their desktops with anything but scores they've personally handcrafted, or for distributors like Debian to ship this without warnings to that effect.
Jul 4 2020, 12:52 PM · MW-1.36-notes (1.36.0-wmf.1; 2020-07-21), MW-1.35-notes (1.35.0-wmf.41; 2020-07-14), Wikimedia-Incident, WMF-General-or-Unknown, MediaWiki-extensions-Score, Security, Security-Team
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Disclaimer ·

Follow Lee on X/Twitter - Father, Husband, Serial builder creating AI, crypto, games & web tools. We are friends :) AI Will Come To Life!

Check out: eBank.nz (Art Generator) | Netwrck.com (AI Tools) | Text-Generator.io (AI API) | BitBank.nz (Crypto AI) | ReadingTime (Kids Reading) | RewordGame | BigMultiplayerChess | WebFiddle | How.nz | Helix AI Assistant