Headline

CVE-2022-28204: Whatlinkshere of heavily used properties in wikidata can be easily utilized as a DDoS vector

A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere&target=Property%3AP31&namespace=1&invert=1 can take more than thirty seconds. There is a DDoS risk.

2 years ago

CVE

Open in Source

#ddos #dos #php #auth

Risk Rating

Low

Author Affiliation

WMF Technology Dept

Task Graph
Mentions

Event Timeline

Restricted Application added a subscriber: Aklapper.

Restricted Application added a project: wdwb-tech.

Ladsgroup added a parent task: Restricted Task.

sbassett triaged this task as Low priority.

sbassett changed Author Affiliation from N/A to WMF Technology Dept.

sbassett changed Risk Rating from N/A to Low.

Reedy renamed this task from Whatlinkshere of heavily used properties in wikidata can be easily utilized as a DDoS vector to CVE-2022-: Whatlinkshere of heavily used properties in wikidata can be easily utilized as a DDoS vector.

Reedy renamed this task from CVE-2022-: Whatlinkshere of heavily used properties in wikidata can be easily utilized as a DDoS vector to CVE-2022-28204: Whatlinkshere of heavily used properties in wikidata can be easily utilized as a DDoS vector.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

11 months ago

11 months ago

11 months ago

11 months ago

11 months ago