RSS   Vulnerabilities for 'Globalnewfiles'   RSS

2021-06-28
 
CVE-2021-32722

CWE-400
 

 
GlobalNewFiles is a mediawiki extension. All existing versions of GlobalNewFiles are affected by an uncontrolled resource consumption vulnerability. A large amount of page moves within a short space of time could overwhelm Database servers due to improper handling of load balancing and a lack of an appropriate index. No patches are currently available. As a workaround, one may avoid use of the extension unless additional rate limit at the MediaWiki level or via PoolCounter / MySQL is enabled.

 


Copyright 2024, cxsecurity.com

 

Back to Top