Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1jOHd2LXF3d2MtNmo3M84AAqQT
MediaWiki allows a denial of service
MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled.
Permalink: https://github.com/advisories/GHSA-c8wv-qwwc-6j73JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jOHd2LXF3d2MtNmo3M84AAqQT
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 4 months ago
CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Identifiers: GHSA-c8wv-qwwc-6j73, CVE-2021-41800
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-41800
- https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874
- https://lists.fedoraproject.org/archives/list/[email protected]/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/
- https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
- https://phabricator.wikimedia.org/T284419
- https://security.gentoo.org/glsa/202305-24
- https://github.com/advisories/GHSA-c8wv-qwwc-6j73
Blast Radius: 5.3
Affected Packages
packagist:mediawiki/core
Dependent packages: 4Dependent repositories: 10
Downloads: 2,785 total
Affected Version Ranges: < 1.36.2
Fixed in: 1.36.2
All affected versions: 1.20.3, 1.20.4, 1.20.5, 1.20.6, 1.20.7, 1.20.8, 1.21.0, 1.21.1, 1.21.2, 1.21.3, 1.21.4, 1.21.5, 1.21.6, 1.21.7, 1.21.8, 1.21.9, 1.21.10, 1.21.11, 1.24.0, 1.24.1, 1.24.2, 1.24.3, 1.24.4, 1.24.5, 1.24.6, 1.25.0, 1.25.1, 1.25.2, 1.25.3, 1.25.4, 1.25.5, 1.25.6, 1.26.0, 1.26.1, 1.26.2, 1.26.3, 1.26.4, 1.27.0, 1.27.1, 1.27.2, 1.27.3, 1.27.4, 1.27.5, 1.27.6, 1.27.7, 1.28.0, 1.28.1, 1.28.2, 1.28.3, 1.29.0, 1.29.1, 1.29.2, 1.29.3, 1.30.0, 1.30.1, 1.30.2, 1.31.0, 1.31.1, 1.31.2, 1.31.3, 1.31.4, 1.31.5, 1.31.6, 1.31.7, 1.31.8, 1.31.9, 1.31.10, 1.31.11, 1.31.12, 1.31.13, 1.31.14, 1.31.15, 1.31.16, 1.32.0, 1.32.1, 1.32.2, 1.32.3, 1.32.4, 1.32.5, 1.32.6, 1.33.0, 1.33.1, 1.33.2, 1.33.3, 1.33.4, 1.34.0, 1.34.1, 1.34.2, 1.34.3, 1.34.4, 1.35.0, 1.35.1, 1.35.2, 1.35.3, 1.35.4, 1.35.5, 1.35.6, 1.35.7, 1.35.8, 1.35.9, 1.35.10, 1.35.11, 1.35.12, 1.35.13, 1.35.14, 1.36.0, 1.36.1
All unaffected versions: 1.36.2, 1.36.3, 1.36.4, 1.37.0, 1.37.1, 1.37.2, 1.37.3, 1.37.4, 1.37.5, 1.37.6, 1.38.0, 1.38.1, 1.38.2, 1.38.3, 1.38.4, 1.38.5, 1.38.6, 1.38.7, 1.39.0, 1.39.1, 1.39.2, 1.39.3, 1.39.4, 1.39.5, 1.39.6, 1.39.7, 1.40.0, 1.40.1, 1.40.2, 1.40.3, 1.41.0, 1.41.1