CVE-2023-45363

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Oct 9, 2023

Updated: Nov 28, 2023

CWE ID 835

Summary

CVE-2023-45363 is a denial-of-service vulnerability affecting MediaWiki versions before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. The issue lies in ApiPageSet.php, where a problem with redirects and converttitles can cause an unbounded loop and RequestTimeoutException, resulting in a server crash and service disruption for users. Attackers can exploit this vulnerability by querying specific pages with redirects, potentially leading to a denial of service condition.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Mediawiki
Debian

Affected Vendors

Debian
Mediawiki

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/s8Dy9i
https://www.cve.org/CVERecord?id=CVE-2023-45363
https://nvd.nist.gov/vuln/detail/CVE-2023-45363

Back to Vulnerability Database