What is the severity of CVE-2024-47841?

The severity of CVE-2024-47841 is considered to be high due to its potential to allow path traversal attacks.

How do I fix CVE-2024-47841?

To fix CVE-2024-47841, upgrade the Mediawiki CSS Extension to version 1.42.2 or later, 1.41.3 or later, or 1.39.9 or later.

Which versions of the Mediawiki CSS Extension are affected by CVE-2024-47841?

CVE-2024-47841 affects Mediawiki CSS Extension versions from 1.39.0 up to 1.39.9, 1.41.0 up to 1.41.3, and 1.42.0 up to 1.42.2.

What kind of vulnerability is CVE-2024-47841?

CVE-2024-47841 is classified as a Path Traversal vulnerability due to improper limitation of a pathname.

Who is impacted by CVE-2024-47841?

Any user utilizing the affected versions of the Mediawiki CSS Extension may be impacted by CVE-2024-47841.

Vulnerability/
CVE-2024-47841

high

7.5

CWE

5/10/2024

16/10/2024

CVE-2024-47841: Path traversal when loading stylesheets

First published: Sat Oct 05 2024(Updated: )

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Path Traversal.This issue affects Mediawiki - CSS Extension: from 1.42.X before 1.42.2, from 1.41.X before 1.41.3, from 1.39.X before 1.39.9.

Credit: c4f26cc8-17ff-4c99-b5e2-38fc1793eacc

Affected Software	Affected Version	How to fix
MediaWiki	>=1.39.0<1.39.9
MediaWiki	>=1.41.0<1.41.3
MediaWiki	>=1.42.0<1.42.2

Remedy

https://gerrit.wikimedia.org/r/q/I46613d8d50fc978bdac58e2b312ee03324c1edc8

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-47841?
The severity of CVE-2024-47841 is considered to be high due to its potential to allow path traversal attacks.
How do I fix CVE-2024-47841?
To fix CVE-2024-47841, upgrade the Mediawiki CSS Extension to version 1.42.2 or later, 1.41.3 or later, or 1.39.9 or later.
Which versions of the Mediawiki CSS Extension are affected by CVE-2024-47841?
CVE-2024-47841 affects Mediawiki CSS Extension versions from 1.39.0 up to 1.39.9, 1.41.0 up to 1.41.3, and 1.42.0 up to 1.42.2.
What kind of vulnerability is CVE-2024-47841?
CVE-2024-47841 is classified as a Path Traversal vulnerability due to improper limitation of a pathname.
Who is impacted by CVE-2024-47841?
Any user utilizing the affected versions of the Mediawiki CSS Extension may be impacted by CVE-2024-47841.

agent/weakness
agent/references
agent/type
agent/title
agent/first-publish-date
agent/description
agent/author
agent/event
collector/mitre-cve
source/MITRE
agent/remedy
agent/last-modified-date
agent/severity
agent/softwarecombine
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/wikimedia
canonical/mediawiki
version/mediawiki/1.39.0
version/mediawiki/1.41.0
version/mediawiki/1.42.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.