Description
MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an (1) SVG file or (2) XMP metadata in a PDF file, aka a "billion laughs attack," a different vulnerability than CVE-2015-2937.
Remediation
References
Related Vulnerabilities
Drupal Core 5.x Session Fixation (5.0 - 5.8)
Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-20612)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1044)
WordPress Plugin Download Monitor 'dlsearch' Parameter Cross-Site Scripting (3.3.5.8)
WordPress Plugin Yakadanda Google+ Hangout Events Cross-Site Scripting (0.3.7)