Lucene search

K
nvd[email protected]NVD:CVE-2023-45363
HistoryOct 09, 2023 - 5:15 a.m.

CVE-2023-45363

2023-10-0905:15:09
CWE-835
web.nvd.nist.gov
mediawiki
denial of service
apipageset
unbounded loop

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.6%

An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.

Affected configurations

NVD
Node
mediawikimediawikiRange<1.35.12
OR
mediawikimediawikiRange1.36.01.39.5
OR
mediawikimediawikiMatch1.40.0-
Node
debiandebian_linuxMatch11.0
OR
debiandebian_linuxMatch12.0

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.6%