High severityNVD Advisory· Published Oct 9, 2023· Updated Oct 15, 2024
CVE-2023-45363
CVE-2023-45363
Description
An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mediawiki/corePackagist | < 1.35.12 | 1.35.12 |
mediawiki/corePackagist | >= 1.36.0, < 1.39.5 | 1.39.5 |
mediawiki/corePackagist | >= 1.40.0, < 1.40.1 | 1.40.1 |
Affected products
3- osv-coords2 versions
< 1.35.12+ 1 more
- (no CPE)range: < 1.35.12
- (no CPE)range: < 1.35.12
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-w5fx-cx7f-6vr9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-45363ghsaADVISORY
- www.debian.org/security/2023/dsa-5520ghsavendor-advisoryWEB
- github.com/wikimedia/mediawiki/commit/24c3ef2474c6daa20ed48168d46196a55346dfd8ghsaWEB
- lists.debian.org/debian-lts-announce/2023/11/msg00027.htmlghsamailing-listWEB
- phabricator.wikimedia.org/T333050ghsaWEB
News mentions
0No linked articles in our index yet.