漏洞关键信息 漏洞名称: - mal ickkai allows injection in API format=php 状态: - Closed, Resolved 类型: - Security 影响范围: - API clients written in PHP 关键关键词: - API format=php - serialize - unserialization 修复措施: - Patched in commit: - https://gerrit.wikimedia.org/r/#/c/174289/ - https://gerrit.wikimedia.org/r/#/c/174496/ 相关链接: - T75574: Host crossdomain.xml master policy file - T118538: Reduce the usage of API format=php 历史跟踪: - November 22, 2014: bzimport raised the priority of this task from Needs Triage to Security-Core. - December 3, 2014: Task resolved. - December 5, 2014: CVE-2014-9277 assigned.