CVE-2023-45363
published 2023-10-09

Priority: P348 high
CVSS 3.1: 7.5
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 22.70% (97.4th percentile)

An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.

Affected

13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | | |
| debian | debian_linux | | |
| debian | mediawiki | < mediawiki 1:1.39.5-1~deb12u1 (bookworm) | mediawiki 1:1.39.5-1~deb12u1 (bookworm) |
| mediawiki | core | >= 0 < 1.35.12 | 1.35.12 |
| mediawiki | core | >= 1.36.0 < 1.39.5 | 1.39.5 |
| mediawiki | core | >= 1.40.0 < 1.40.1 | 1.40.1 |
| mediawiki | mediawiki | < 1.35.12 | 1.35.12 |
| mediawiki | mediawiki | | |
| mediawiki | mediawiki | >= 0 < 1:1.35.13-1~deb11u1 | 1:1.35.13-1~deb11u1 |
| mediawiki | mediawiki | >= 0 < 1:1.39.5-1~deb12u1 | 1:1.39.5-1~deb12u1 |
| mediawiki | mediawiki | >= 0 < 1:1.39.5-1 | 1:1.39.5-1 |
| mediawiki | mediawiki | >= 0 < 1:1.39.5-1 | 1:1.39.5-1 |
| mediawiki | mediawiki | >= 1.36.0 < 1.39.5 | 1.39.5 |

CVSS provenance

nvd: v3.1, 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv: 7.5 HIGH
vendor_debian: 7.5 HIGH