Vulnerability in Foswiki

CVE-2012-6330

The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro.

EPSS: 0.733 (98.8th percentile)

Affected products

  • Foswiki — versions 1.0.0, 1.0.1, 1.0.2
  • TWiki — versions 5.1.0, 5.1.1
