[MEDIUM] MantisBT XXS where a Custom Field with a crafted Regular Expression property is used

PKSA-wgv3-hzy8-1dcy CVE-2020-25288 GHSA-qgrr-f26j-87vf

Affected package: mantisbt/mantisbt

Affected version: >=2.23.0,<2.24.3

Reported by:
GitHub