The "Balloon Vulnerability" enabled malicious users to create a denial of service condition using specially crafted WIKI BB-Codes. The issue existed in all versions of the VaultWiki 2.x, 3.x, and 4.x series, including VaultWiki Lite.
The "Relative Vulnerability" enabled malicious users to craft links on third-party sites pointing to VaultWiki content that would display embedded HTML/JavaScript code in the wiki content when the link was followed. The issue existed in all versions of the VaultWiki 4.x series, including VaultWiki Lite.
The "Bulk Overload Vulnerability" enabled malicious users to create a denial of service condition by abusing content creation tools. The issue existed in all versions starting with VaultWiki 4.0.4, including VaultWiki Lite.
We have published the following Patch Level releases to resolve these issues:
- 4.0.8 Patch Level 1
- 4.0.7 Patch Level 2
- 4.0.6 Patch Level 5
- 4.0.5 Patch Level 5
- 4.0.4 Patch Level 5
- 4.0.3 Patch Level 5
- 4.0.2 Patch Level 8
- 4.0.1 Patch Level 11
We highly recommend that all users running any version of VaultWiki in a production environment update to a patched release as soon as possible.