CVE-2024-33103

Publication date 30 April 2024

Last updated 24 July 2024

Ubuntu priority

** DISPUTED ** An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows attackers to execute arbitrary code by uploading a crafted SVG file. NOTE: as noted in the 4267 issue reference, there is a position that exploitability can only occur with a misconfiguration of the product.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
dokuwiki	24.04 LTS noble	Not affected
	23.10 mantic	Ignored end of life, was needs-triage
	22.04 LTS jammy	Not affected
	20.04 LTS focal	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2024-33103
https://github.com/dokuwiki/dokuwiki/issues/4267