CVE-2021-32722
MEDIUMMediaWiki <48be7adb70568e20e961ea1cb70904454a671b1d - DoS
Title source: llmDescription
GlobalNewFiles is a mediawiki extension. Versions prior to 48be7adb70568e20e961ea1cb70904454a671b1d are affected by an uncontrolled resource consumption vulnerability. A large amount of page moves within a short space of time could overwhelm Database servers due to improper handling of load balancing and a lack of an appropriate index. As a workaround, one may avoid use of the extension unless additional rate limit at the MediaWiki level or via PoolCounter / MySQL is enabled. A patch is available in version 48be7adb70568e20e961ea1cb70904454a671b1d.
References (4)
Core 4
Core References
Third Party Advisory x_refsource_confirm
https://github.com/miraheze/GlobalNewFiles/security/advisories/GHSA-cwv5-c938-5h5h
Issue Tracking, Vendor Advisory x_refsource_misc
https://phabricator.miraheze.org/T7532
Patch, Third Party Advisory x_refsource_misc
https://github.com/miraheze/GlobalNewFiles/commit/48be7adb70568e20e961ea1cb70904454a671b1d
Patch, Third Party Advisory x_refsource_misc
https://github.com/miraheze/GlobalNewFiles/pull/17
Scores
CVSS v3
6.5
EPSS
0.0075
EPSS Percentile
73.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (1)
miraheze/globalnewfiles
Published
Jun 28, 2021
Tracked Since
Feb 18, 2026