
CVE-2021-41118: ReDOS in DPL3
Closed, Resolved | Public | Security


In DPL3 before 3.3.6, a ReDOS vulnerability exists.

For users of 1.35, no fixed version is unfortunately available (only supports 1.36/1.37). has been published.

Users of 1.35 should set $wgDplSettings['functionalRichness'] = 0;

Please add to the extension supplemental announcement


Author Affiliation
Wikimedia Communities

Event Timeline

RhinosF1 renamed this task from ReDOS in DPL3 to CVE-2021-41118: ReDOS in DPL3. (Oct 4 2021, 5:08 PM)
RhinosF1 updated the task description.
sbassett claimed this task.
sbassett triaged this task as Low priority.
mmartorana changed the visibility from "Custom Policy" to "Public (No Login Required)". (Jan 10 2022, 6:10 PM)
mmartorana changed the edit policy from "Custom Policy" to "All Users".