logo

Database

Uncontrolled external site redirect In mediawiki/core

Description

MediaWiki Open Redirect vulnerability resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.34.0-rc.0 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2020-109592. NVD-2020-109593. OSV-2020-109594. GCVE-2020-10959

References

1. https://github.com/wikimedia/mediawiki/commit/d4a552e65bdfd7309a9b8537e9dbe69c5e2991eb2. https://gerrit.wikimedia.org/r/c/mediawiki/core/+/5367253. https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-10959.yaml4. https://phabricator.wikimedia.org/T2329325. https://phabricator.wikimedia.org/T240393

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.