CVE-2023-45363: MediaWiki Denial of Service vulnerability
(updated )
An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.
References
- github.com/advisories/GHSA-w5fx-cx7f-6vr9
- github.com/wikimedia/mediawiki
- github.com/wikimedia/mediawiki/commit/24c3ef2474c6daa20ed48168d46196a55346dfd8
- lists.debian.org/debian-lts-announce/2023/11/msg00027.html
- nvd.nist.gov/vuln/detail/CVE-2023-45363
- phabricator.wikimedia.org/T333050
- www.debian.org/security/2023/dsa-5520
Code Behaviors & Features
Detect and mitigate CVE-2023-45363 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →