TWiki Releases Security Alert

TWiki has released a Security Alert to address a vulnerability. This vulnerability is due to the way TWiki processes the "image" variable in URLs. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the TWiki Security Alert and apply the workaround listed in the Countermeasures section of the document or upgrade to version 4.2.3 to help mitigate the risks.

Read more: US-CERT Current Activity