CVE-2021-41799

MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). ApiQueryBacklinks (action=query&list=backlinks) can cause a full table scan.

Link	Resource
https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/	Release Notes Third Party Advisory
https://phabricator.wikimedia.org/T290394	Permissions Required
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/	Mailing List Third Party Advisory

Configuration 1

cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

---

Published : 2021-10-11 08:15

Updated : 2021-11-26 08:55

---

NVD link : CVE-2021-41799

Mitre link : CVE-2021-41799

No products.

CWE-770