Description

An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. It did not validate the oarc_version (aka oauth_registered_consumer.oarc_version) parameter's length.

Remediation

References

CVE-2021-31555

Related Vulnerabilities

WordPress Plugin Malware Finder Cross-Site Scripting (1.1)

Oracle Database Server CVE-2006-0267 Vulnerability (CVE-2006-0267)

WordPress Plugin All in One Webmaster Unspecified Vulnerability (11.0)

WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.36)

WordPress Plugin WP Private Content Plus Cross-Site Request Forgery (3.1)

Severity

High

Classification

CVE-2021-31555 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities