Description

An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is no rate limit for merging items.

Remediation

References

CVE-2023-45371

Related Vulnerabilities

Apache HTTP Server Resource Management Errors Vulnerability (CVE-2007-6750)

PHP Deserialization of Untrusted Data Vulnerability (CVE-2017-11143)

WordPress CVE-2012-2399 Vulnerability (CVE-2012-2399)

Bootstrap Table Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2021-23472)

Internet Information Services Other Vulnerability (CVE-2001-1186)

Severity

High

Classification

CVE-2023-45371 CWE-770 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities