The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before fixed version, there was no protection against CSRF checks on Special:Report, so requests to report a revision could be forged. The problem has been fixed in commit f828dc6 by making use of MediaWiki edit tokens.
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21275.json"
[
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2021-01-21"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.2.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.0.0.4.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.0.0.5.0"
}
]
}
]