Comment 1Dhananjay Arunesh
2020-12-02 18:24:58 UTC
Created mediawiki tracking bugs for this issue:
Affects: fedora-all [bug 1903762]
Comment 2Przemyslaw Roguski
2020-12-07 15:24:57 UTC
This vulnerability is related to the factoryNonLocal function, which was introduced in version 1.31.9.
OpenShift Container Platform delivers mediawiki-1.27.7-1, where the vulnerable code doesn't exist.
Comment 4Przemyslaw Roguski
2020-12-07 15:25:04 UTC
Comment 5Przemyslaw Roguski
2020-12-07 16:51:28 UTC
Statement:
OpenShift Container Platform (OCP) delivers the mediawiki package, but the vulnerable code is not bundled, therefore OCP is not affected by this flaw.
Comment 6Product Security DevOps Team
2020-12-07 17:02:48 UTC