CVE-2024-34506

HIGH

MediaWiki <1.39.7, 1.40.x <1.40.3, 1.41.x <1.41.1 - DoS

Title source: llm

Description

An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the maximum request time, leading to a denial of service.

References (3)

[Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/

[Exploit, Issue Tracking, Vendor Advisory] https://phabricator.wikimedia.org/T357760

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/

Scores

CVSS v3 7.5

EPSS 0.0017

EPSS Percentile 38.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-400

Status published

Affected Products (2)

mediawiki/mediawiki < 1.39.7

fedoraproject/fedora

Timeline

Published May 05, 2024

Tracked Since Feb 18, 2026