
Cloud Vulnerability DB
A community-led vulnerabilities database
XWiki Platform, a generic wiki platform offering runtime services for applications, was found to contain a vulnerability (CVE-2023-29520) where it's possible to break many translations coming from wiki pages by creating a corrupted document containing a translation object. The vulnerability was discovered and disclosed in April 2023, affecting versions from 4.3-milestone-2 onwards (GitHub Advisory).
The vulnerability is classified under CWE-755 (Improper Handling of Exceptional Conditions) and CWE-248 (Uncaught Exception). The CVSS v3.1 base score is 6.5 (MEDIUM) according to the NVD assessment, with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N, while GitHub's assessment rates it at 4.3 (MEDIUM), with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N (NVD).
When exploited, this vulnerability leads to broken pages and non-functional translations throughout the wiki system. The issue specifically affects translations displayed in various locations such as user profile menus, potentially disrupting the multilingual functionality of the platform (Jira Issue).
The vulnerability has been patched in multiple XWiki versions: 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. Users are advised to upgrade to one of these patched versions. Apart from upgrading, the only workaround is to fix any method that allows the creation of documents that fail to load (GitHub Advisory).
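To triage an inventory against the affected range and patched versions listed above, the following added example (not code from the advisory or from XWiki) classifies version strings. It assumes that pre-release qualifiers sort as milestone < rc < final release, and that a maintenance fix only covers its own major.minor line; the host names and versions in `INVENTORY` are constructed.

```python
import re

# Values taken from the advisory text above.
FIRST_AFFECTED = "4.3-milestone-2"
PATCHED = ["13.10.11", "14.4.8", "14.10.1", "15.0-rc-1"]

# Assumption: pre-release qualifiers sort below the final release.
_QUALIFIER_RANK = {"milestone": 0, "rc": 1, None: 2}


def parse(version):
    """Turn '14.4.8' or '15.0-rc-1' into a sortable key."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-(milestone|rc)-(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised XWiki version: {version!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))  # '15.0' compares equal to '15.0.0'
    return (tuple(nums), _QUALIFIER_RANK[m.group(2)], int(m.group(3) or 0))


def is_affected(version):
    """True if the version is in the affected range and not a patched release."""
    v = parse(version)
    if v < parse(FIRST_AFFECTED):
        return False  # older than the first affected version
    fixes = [parse(p) for p in PATCHED]
    if v >= max(fixes):
        return False  # 15.0-rc-1 and everything after it
    # Assumption: a maintenance fix only covers its own major.minor line,
    # so 14.9 is still affected even though 14.4.8 is patched.
    return not any(v[0][:2] == f[0][:2] and v >= f for f in fixes)


# Constructed inventory: host names and versions are made up for this example.
INVENTORY = {
    "wiki-prod": "14.4.7",
    "wiki-docs": "14.10.1",
    "wiki-legacy": "4.3-milestone-1",
    "wiki-lab": "14.10",
}


def affected_hosts(inventory):
    """Return the sorted host names whose XWiki version still needs the upgrade."""
    return sorted(h for h, ver in inventory.items() if is_affected(ver))


if __name__ == "__main__":
    print(affected_hosts(INVENTORY))
```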
Source: This report was generated using AI