Headline
CVE-2021-44856: Title blocked in AbuseFilter can be created via Special:ChangeContentModel due to the mishandling of EditFilterMergedContent hook return value
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A title blocked by AbuseFilter can be created via Special:ChangeContentModel due to the mishandling of the EditFilterMergedContent hook return value.
Risk Rating
Low
Author Affiliation
Wikimedia Communities
Event Timeline
Restricted Application added a subscriber: Aklapper.
Reedy renamed this task from "Title which blocked in AbuseFilter can be create via Special:ChangeContentModel due to the mishandling of EditFilterMergedContent hook" to "Title which blocked in AbuseFilter can be created via Special:ChangeContentModel due to the mishandling of EditFilterMergedContent hook return value".
sbassett triaged this task as Low priority.
sbassett changed Author Affiliation from N/A to Wikimedia Communities.
sbassett changed Risk Rating from N/A to Low.
Reedy renamed this task from "Title which blocked in AbuseFilter can be created via Special:ChangeContentModel due to the mishandling of EditFilterMergedContent hook return value" to "Title blocked in AbuseFilter can be created via Special:ChangeContentModel due to the mishandling of EditFilterMergedContent hook return value".
Reedy closed this task as Resolved.
Reedy renamed this task from "Title blocked in AbuseFilter can be created via Special:ChangeContentModel due to the mishandling of EditFilterMergedContent hook return value" to "CVE-2021-44856: Title blocked in AbuseFilter can be created via Special:ChangeContentModel due to the mishandling of EditFilterMergedContent hook return value".
Related news
Gentoo Linux Security Advisory 202305-24 - Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service. Versions greater than or equal to 1.25.2 are affected.