Описание
Inefficient Regular Expression Complexity vulnerability in Wikimedia Foundation MediaWiki - VisualData Extension allows Regular Expression Exponential Blowup.This issue affects MediaWiki - VisualData Extension: 1.45.
A flaw was found in Wikimedia Foundation MediaWiki - VisualData Extension. A remote attacker could exploit an inefficient regular expression, leading to a Regular Expression Denial of Service (ReDoS). This vulnerability allows an attacker to provide specially crafted input that causes the regular expression engine to consume excessive processing time, resulting in a denial of service for the affected system.
Отчет
This vulnerability is rated Moderate for Red Hat. The MediaWiki VisualData Extension is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. Exploitation requires an attacker to provide crafted user input, which can lead to a denial of service by consuming excessive resources. This issue affects MediaWiki - VisualData Extension version 1.45.
Меры по смягчению последствий
To mitigate this issue, disable the VisualData extension in MediaWiki if it is not essential for your deployment. This can typically be done by commenting out or removing the wfLoadExtension('VisualData'); line in LocalSettings.php. A restart of the web server or PHP-FPM service may be required for the changes to take effect.
Ссылки на источники
Дополнительная информация
Статус:
6.5 Medium
CVSS3
Связанные уязвимости
Inefficient Regular Expression Complexity vulnerability in Wikimedia Foundation MediaWiki - VisualData Extension allows Regular Expression Exponential Blowup.This issue affects MediaWiki - VisualData Extension: 1.45.
Inefficient Regular Expression Complexity vulnerability in Wikimedia Foundation MediaWiki - VisualData Extension allows Regular Expression Exponential Blowup.This issue affects MediaWiki - VisualData Extension: 1.45.
6.5 Medium
CVSS3