CNNVD-202602-502 Information
CNNVD ID
CNNVD-202602-502
Related CVE
- CNNVD Published: 2026-02-03
Description (Chinese)
Wikimedia Scribunto是Wikimedia基金会的一个脚本开发工具。 Wikimedia Scribunto和luasandbox存在安全漏洞,该漏洞源于includes/Engines/LuaCommon/lualib/mwInit.Lua和library.C文件存在缺陷。以下产品及版本受到影响:Scribunto 1.39.16之前版本、1.43.6之前版本、1.44.3之前版本、1.45.1之前版本和luasandbox fea2304f8f6ab30314369a612f4f5b165e68e95a之前版本。
Description (English)
Wikimedia Scribunto is a script development tool for the Wikimedia Foundation. There is a security loophole in Wikimedia Scribunto and luasandbox, which stems from deficiencies in the includes/Engines/LuaCommon/lualib/mwInit.Lua and library.C documents. The following products and versions were affected: pre-Scribunto 1.39.16, pre-1.43.6, pre-1.44.3, pre-1.4.5.1, pre-luasandbox fa2304f8f6ab30316912f4f5b165e6895a.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
维基媒体
Published
2026-02-03
Last Modified
2026-02-24
References
https://phabricator.wikimedia.org/T408135 https://access.redhat.com/security/cve/cve-2025-67482
Patch
https://www.mediawiki.org/wiki/Extension:Scribunto
Share on: