Description
MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM or Zend PHP, allows remote attackers to cause a denial of service ("quadratic blowup" and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, a different vulnerability than CVE-2015-2942.
Remediation
References
Related Vulnerabilities
Apache Tomcat Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2025-48988)
MySQL CVE-2018-3065 Vulnerability (CVE-2018-3065)
Microsoft SQL Server Other Vulnerability (CVE-2000-0603)
Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.7)
WordPress Plugin PowerPress Podcasting by Blubrry Cross-Site Scripting (6.0.4)