Headline
CVE-2022-28203: NewFiles in commons with actor as a condition can bring the whole database down
A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query.
Edit Task
Mute Notifications
Protect as security issue
Award Token
Flag For Later
Task Graph
Mentions
Event Timeline
Restricted Application added a subscriber: Aklapper.
Ladsgroup triaged this task as High priority.
Ladsgroup renamed this task from Requesting Special:NewFiles in commons with non-existentant actors can bring the whole database down to Requesting Special:NewFiles in commons with actor as a condition can bring the whole database down .
Reedy renamed this task from Requesting Special:NewFiles in commons with actor as a condition can bring the whole database down to CVE-2022-: Requesting Special:NewFiles in commons with actor as a condition can bring the whole database down .
Reedy renamed this task from CVE-2022-: Requesting Special:NewFiles in commons with actor as a condition can bring the whole database down to CVE-2022-28203: Requesting Special:NewFiles in commons with actor as a condition can bring the whole database down .
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL