CVE-2023-45363 – mediawiki/core
Package
Manager: composer
Name: mediawiki/core
Vulnerable Version: >=0 <1.35.12 || >=1.36.0 <1.39.5 || =1.40.0 || >=1.40.0 <1.40.1
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.09034 (percentile: 0.92307)
Details
MediaWiki Denial of Service vulnerability
An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.
Metadata
Created: 2023-10-09T06:30:18Z
Modified: 2024-10-30T18:06:32Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-w5fx-cx7f-6vr9/GHSA-w5fx-cx7f-6vr9.json
CWE IDs: ["CWE-835"]
Alternative ID: GHSA-w5fx-cx7f-6vr9
Finding: F138
Auto approve: 1