CVE-2023-36674

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-36674
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-36674.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-36674
Aliases
Downstream
Related
Published
2023-08-20T18:15:09.930Z
Modified
2026-02-05T09:09:06.374320Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax.

References

Affected packages

Git / github.com/wikimedia/mediawiki

Affected ranges

Type
GIT
Repo
https://github.com/wikimedia/mediawiki
Events
Introduced
bc542ec6d8573dfb906b468901799e0017875f1e
Fixed
059c8e1b9a315c36ae827f929ea9a077acbba2eb
Fixed
b8d14e9d292f1199b959b9ce26d99f72bf935406
Introduced
c95fc4786beba034fa643062b98a60ccbde831fd
Fixed
c4075dfdbcb51df3c922aef582cf5b4091759595

Affected versions

1.*
1.39.0
1.39.1
1.39.2
1.39.3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-36674.json"