mediawiki/core is vulnerable to denial of service. The vulnerability exists due to the lack of protection against the pool counter, which allows an attacker to cause an application crash by providing a long-running SQL query via the PoolCounterWorkViaCallback
.
github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874
github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874
lists.fedoraproject.org/archives/list/[email protected]/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/
lists.fedoraproject.org/archives/list/[email protected]/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/
lists.fedoraproject.org/archives/list/[email protected]/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/
lists.wikimedia.org/hyperkitty/list/[email protected]/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
phabricator.wikimedia.org/T284419
security-tracker.debian.org/tracker/CVE-2021-41800