Fluid Attacks Database

Description

MediaWiki Denial of Service vulnerability An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	mediawiki/core	>=0 <1.35.12 \|\| >=1.36.0 <1.39.5 \|\| =1.40.0 \|\| >=1.40.0 <1.40.1	1.35.12, 1.39.5, 1.40.1
debian 11	mediawiki	=1:1.35.11-1~deb11u1 \|\| =1:1.35.2-1 \|\| =1:1.35.3-1 \|\| =1:1.35.4-1 \|\| =1:1.35.4-1+deb11u2 \|\| =1:1.35.4-1~deb11u1 \|\| =1:1.35.5-1 \|\| =1:1.35.5-2 \|\| =1:1.35.6-1 \|\| =1:1.35.7-1 \|\| =1:1.35.8-1 \|\| =1:1.35.8-1.1 \|\| =1:1.35.8-1~deb11u1 \|\| >=0 <1:1.35.13-1~deb11u1	1:1.35.13-1~deb11u1
debian 12	mediawiki	=1:1.39.2-1 \|\| =1:1.39.4-1 \|\| =1:1.39.4-1~deb12u1 \|\| =1:1.39.4-2 \|\| >=0 <1:1.39.5-1~deb12u1	1:1.39.5-1~deb12u1
debian 13	mediawiki	>=0 <1:1.39.5-1	1:1.39.5-1
debian 14	mediawiki	>=0 <1:1.39.5-1	1:1.39.5-1

Aliases

1. CVE-2023-453632. NVD-2023-453633. OSV-2023-453634. OSV-DEBIAN-2023-453635. GCVE-2023-453636. lists.debian.org7. SECURITY-TRACKER-CVE-2023-45363

References

1. https://github.com/wikimedia/mediawiki/commit/24c3ef2474c6daa20ed48168d46196a55346dfd82. https://phabricator.wikimedia.org/T3330503. https://www.debian.org/security/2023/dsa-5520

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.