CVE-2020-29004
29.01.2021, 07:15
The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack.
| Vendor | Product | Version |
|---|---|---|
| mediawiki | mediawiki | 𝑥 ≤ 1.35 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References