Description

An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalRenameRequest page is vulnerable to infinite loops and denial of service attacks when a user's current username is beyond an arbitrary maximum configuration value (MaxNameChars).

Remediation

References

CVE-2021-36125

Related Vulnerabilities

MODX Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2016-10039)

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.21)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-33336)

WordPress Plugin Photo Gallery, Images, Slider in Rbs Image Gallery Unspecified Vulnerability (2.0.18)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2007-4586)

Severity

High

Classification

CVE-2021-36125 CWE-835 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities