CVE-2021-41118

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-41118

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-41118.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-41118

Related

GHSA-8f24-q75c-jhf4

Published

2021-10-04T19:15:08.570Z

Modified

2025-11-14T12:21:55.885375Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. In affected versions unsanitised input of regular expression date within the parameters of the DPL parser function, allowed for the possibility of ReDoS (Regex Denial of Service). This has been resolved in version 3.3.6. If you are unable to update you may also set $wgDplSettings['functionalRichness'] = 0; or disable DynamicPageList3 to mitigate.

References

Affected packages

Git / github.com/universal-omega/dynamicpagelist3

Affected ranges

Type: GIT
Repo: https://github.com/universal-omega/dynamicpagelist3
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

2c04dafb37a14d9ccfe070f53e7f11bbca0156e7

Fixed

2fe609148c126122edbf573dd60c6c39aeea87ae

Affected versions

3.*

3.3.5

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-41118.json"