CVE-2021-35197
02.07.2021, 13:15
In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a "sitewide block" applied, it is able to still "purge" pages through the MediaWiki Action API (which a "sitewide block" should have prevented).Enginsight
| Vendor | Product | Version |
|---|---|---|
| mediawiki | mediawiki | 𝑥 < 1.31.15 |
| mediawiki | mediawiki | 1.32.0 ≤ 𝑥 < 1.35.3 |
| mediawiki | mediawiki | 1.36.0 ≤ 𝑥 < 1.36.1 |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 11.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
References