CVE-2021-41801
11.10.2021, 08:15
The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time (due to the job queue backlog)Enginsight
| Vendor | Product | Version |
|---|---|---|
| mediawiki | mediawiki | 𝑥 < 1.31.16 |
| mediawiki | mediawiki | 1.35.0 ≤ 𝑥 < 1.35.4 |
| mediawiki | mediawiki | 1.36.0 ≤ 𝑥 < 1.36.2 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
References