CVE-2022-41932

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-41932
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41932.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-41932
Aliases
Published
2022-11-23T00:00:00Z
Modified
2025-10-25T03:33:58Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Creation of new database tables through login form on PostgreSQL
Details

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make XWiki create many new schemas and fill them with tables just by using a crafted user identifier in the login form. This may lead to degraded database performance. The problem has been patched in XWiki 13.10.8, 14.6RC1 and 14.4.2. Users are advised to upgrade. There are no known workarounds for this issue.

Database specific 
{
    "cwe_ids": [
        "CWE-400"
    ]
}
References

Affected packages

Git / github.com/xwiki/xwiki-commons

Affected ranges

Type
GIT
Repo
https://github.com/xwiki/xwiki-commons
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
f1061cdd99a531c74466c225011a1d25d203a14b

Git / github.com/xwiki/xwiki-platform

Affected ranges

Type
GIT
Repo
https://github.com/xwiki/xwiki-platform
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d24b588df8b5a92bef0214e24d3add8615e6188c