Moderate severityNVD Advisory· Published Dec 11, 2019· Updated Aug 5, 2024
CVE-2019-19709
CVE-2019-19709
Description
MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mediawiki/corePackagist | >= 1.31.0, < 1.31.6 | 1.31.6 |
mediawiki/corePackagist | >= 1.32.0, < 1.32.6 | 1.32.6 |
mediawiki/corePackagist | >= 1.33.0, < 1.33.2 | 1.33.2 |
mediawiki/corePackagist | >= 1.33.99, < 1.34.0 | 1.34.0 |
Affected products
2- MediaWiki/MediaWikidescription
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-pjv5-vv93-p648ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-19709ghsaADVISORY
- www.debian.org/security/2019/dsa-4592ghsavendor-advisoryx_refsource_DEBIANWEB
- gerrit.wikimedia.org/r/q/Ie54f366986056c876eade0fcad6c41f70b8b8de8ghsax_refsource_MISCWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-19709.yamlghsaWEB
- phabricator.wikimedia.org/T239466ghsax_refsource_MISCWEB
- seclists.org/bugtraq/2019/Dec/48ghsamailing-listx_refsource_BUGTRAQWEB
News mentions
0No linked articles in our index yet.