Description

An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. It did not validate the oarc_version (aka oauth_registered_consumer.oarc_version) parameter's length.

Remediation

References

CVE-2021-31555

Related Vulnerabilities

WordPress Plugin KNR Author List Widget 'listItem[]' Parameter SQL Injection (2.0.0)

WordPress Plugin Starbox-the Author Box for Humans Cross-Site Scripting (3.0.8)

MySQL Other Vulnerability (CVE-2010-3681)

WordPress Plugin Import any XML or CSV File to WordPress Arbitrary File Upload (3.2.3)

WordPress Plugin Poll, Survey, Form & Quiz Maker by OpinionStage Unspecified Vulnerability (15.0.0)

Severity

High

Classification

CVE-2021-31555 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities