Moderate severityNVD Advisory· Published Apr 18, 2023· Updated Feb 5, 2025
Page render failure due to broken translations in xwiki-platform
CVE-2023-29520
Description
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to break many translations coming from wiki pages by creating a corrupted document containing a translation object. This will lead to a broken page. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no workarounds other than fixing any way to create a document that fail to load.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.xwiki.platform:xwiki-platform-localization-source-wikiMaven | >= 4.3-milestone-2, < 13.10.11 | 13.10.11 |
org.xwiki.platform:xwiki-platform-localization-source-wikiMaven | >= 14.0-rc-1, < 14.4.8 | 14.4.8 |
org.xwiki.platform:xwiki-platform-localization-source-wikiMaven | >= 14.5, < 14.10.1 | 14.10.1 |
Affected products
1- Range: < 13.10.11
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/advisories/GHSA-9jq5-xwqw-q8j3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-29520ghsaADVISORY
- github.com/xwiki/xwiki-platform/security/advisories/GHSA-9jq5-xwqw-q8j3ghsax_refsource_CONFIRMWEB
- jira.xwiki.org/browse/XWIKI-20460ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.