Vulnerability CVE-2022-28204: Information
Description
A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere&target=Property%3AP31&namespace=1&invert=1 can take more than thirty seconds. There is a DDoS risk.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Published: Sept. 20, 2022
Modified: Sept. 21, 2022
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| mediawiki | sisyphus | 1.37.2-alt1 | 1.40.1-alt2 | ALT-PU-2022-2140-1 | 302595 | Fixed |
| mediawiki | sisyphus_e2k | 1.37.2-alt1 | 1.40.1-alt2 | ALT-PU-2022-5468-1 | - | Fixed |
| mediawiki | p10 | 1.37.2-alt1 | 1.40.1-alt2 | ALT-PU-2022-2428-1 | 305046 | Fixed |
| mediawiki | p10_e2k | 1.37.2-alt1 | 1.40.1-alt2 | ALT-PU-2022-5749-1 | - | Fixed |
| mediawiki | c10f1 | 1.37.2-alt1 | 1.37.2-alt1 | ALT-PU-2022-2428-1 | 305046 | Fixed |
| mediawiki | p11 | 1.37.2-alt1 | 1.40.1-alt2 | ALT-PU-2022-2140-1 | 302595 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
|---|---|
| https://phabricator.wikimedia.org/T297754 |
|