CVE-2015-2942 — XML Entity Expansion in Mediawiki
Severity
7.1HIGHNVD
EPSS
1.7%
top 17.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 13
Latest updateMay 17
Description
MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an (1) SVG file or (2) XMP metadata in a PDF file, aka a "billion laughs attack," a different vulnerability than CVE-2015-2937.
CVSS vector
AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9