Debian 9: DLA-2648-1 Moderate: MediaWiki Denial of Service

May 5, 2021
Various vulnerabilities identified in MediaWiki have been resolved. Ensure your packages are updated to uphold system integrity.
Several vulnerabilities were discovered in mediawiki, a wiki website engine for collaborative work.

Summary

CVE-2021-20270

An infinite loop in SMLLexer in Pygments, used by mediawiki as
one of its lexers, may lead to denial of service when performing
syntax highlighting of a Standard ML (SML) source file, as
demonstrated by input that only contains the "exception" keyword.

CVE-2021-27291

The lexers in Pygments, which mediawiki uses, rely heavily on regular
expressions. Some of the regular expressions have exponential or
cubic worst-case complexity and are vulnerable to ReDoS. By
crafting malicious input, an attacker can cause a denial of service.

CVE-2021-30152

An issue was discovered in MediaWiki. When using the MediaWiki
API to "protect" a page, a user is currently able to protect to a
higher level than they currently have permissions for.

CVE-2021-30155

An issue was discovered in MediaWiki before. ContentModelChange
does not check if a user has correct permissions to create and set
the content model of a nonexistent page.

CVE-2021-30158


Package: mediawiki
Version: 1:1.27.7-1~deb9u8
CVE ID: CVE-2021-20270 CVE-2021-27291 CVE-2021-30152
Debian Bug: 985574 984664
