CVE-2023-36674
- Source
- https://cve.org/CVERecord?id=CVE-2023-36674
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-36674.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-36674
- Aliases
- Downstream
- Related
- Published
- 2023-08-20T18:15:09.930Z
- Modified
- 2026-04-02T09:07:35.391082Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax.
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/
- https://phabricator.wikimedia.org/T335612
Affected packages
Git / github.com/wikimedia/mediawiki
Affected ranges
- Type
- GIT
- Repo
- https://github.com/wikimedia/mediawiki
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixedIntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "1.35.11" }, { "introduced": "1.36.0" }, { "fixed": "1.38.7" }, { "introduced": "1.39.0" }, { "fixed": "1.39.4" }, { "introduced": "0" }, { "last_affected": "1.40.0" } ] }
Affected versions
1.*
1.1.0
1.10.0
1.10.0rc1
1.10.0rc2
1.10.1
1.10.2
1.10.3
1.10.4
1.11.0
1.11.0rc1
1.11.1
1.11.2
1.12.0
1.12.0rc1
1.12.1
1.12.2
1.12.3
1.12.4
1.13.0
1.13.0rc1
1.13.0rc2
1.13.1
1.13.2
1.13.3
1.13.4
1.13.5
1.14.0
1.14.0rc1
1.14.1
1.15.0
1.15.0rc1
1.15.1
1.15.2
1.15.3
1.15.4
1.15.5
1.16.0
1.16.0beta1
1.16.0beta2
1.16.0beta3
1.16.1
1.16.2
1.16.3
1.16.4
1.16.5
1.17.0
1.17.0beta1
1.17.0rc1
1.17.1
1.17.2
1.17.3
1.17.4
1.17.5
1.18.0
1.18.0beta1
1.18.0rc1
1.18.1
1.18.2
1.18.3
1.18.4
1.18.5
1.18.6
1.19.0
1.19.0beta1
1.19.0beta2
1.19.0rc1
1.19.1
1.19.10
1.19.11
1.19.12
1.19.13
1.19.14
1.19.15
1.19.16
1.19.17
1.19.18
1.19.19
1.19.2
1.19.20
1.19.21
1.19.22
1.19.23
1.19.24
1.19.3
1.19.4
1.19.5
1.19.6
1.19.7
1.19.8
1.19.9
1.2.0
1.2.0rc1
1.2.0rc2
1.2.0rc3
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.20.0
1.20.0rc1
1.20.0rc2
1.20.1
1.20.2
1.20.3
1.20.4
1.20.5
1.20.6
1.20.7
1.20.8
1.21.0
1.21.1
1.21.10
1.21.11
1.21.2
1.21.3
1.21.4
1.21.5
1.21.6
1.21.7
1.21.8
1.21.9
1.22.0
1.22.0rc-FINAL
1.22.0rc0
1.22.0rc1
1.22.0rc2
1.22.0rc3
1.22.1
1.22.10
1.22.11
1.22.12
1.22.13
1.22.14
1.22.15
1.22.2
1.22.3
1.22.4
1.22.5
1.22.6
1.22.7
1.22.8
1.22.9
1.23.0
1.23.0-rc.1
1.23.0-rc.2
1.23.0-rc.3
1.23.0rc0
1.23.1
1.23.10
1.23.11
1.23.12
1.23.13
1.23.14
1.23.15
1.23.16
1.23.17
1.23.2
1.23.3
1.23.4
1.23.5
1.23.6
1.23.7
1.23.8
1.23.9
1.24.0
1.24.0-rc.0
1.24.0-rc.1
1.24.0-rc.2
1.24.0-rc.3
1.24.1
1.24.2
1.24.3
1.24.4
1.24.5
1.24.6
1.25.0
1.25.0-rc.0
1.25.1
1.25.2
1.25.3
1.25.4
1.25.5
1.25.6
1.26.0
1.26.1
1.26.2
1.26.3
1.26.4
1.27.0
1.27.0-rc.0
1.27.0-rc.1
1.27.1
1.27.2
1.27.3
1.27.4
1.27.5
1.27.6
1.27.7
1.28.0
1.28.0-rc.0
1.28.0-rc.1
1.28.1
1.28.2
1.28.3
1.29.0
1.29.0-rc.0
1.29.0-rc.1
1.29.1
1.29.2
1.29.3
1.3.0
1.3.0beta1
1.3.0beta2
1.3.0beta3
1.3.0beta4
1.3.0beta4a
1.3.0beta5
1.3.0beta6
1.3.1
1.3.10
1.3.11
1.3.12
1.3.13
1.3.14
1.3.15
1.3.16
1.3.17
1.3.18
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8
1.3.9
1.30.0
1.30.0-rc.0
1.30.1
1.30.2
1.31.0
1.31.0-rc.0
1.31.0-rc.1
1.31.0-rc.2
1.31.1
1.31.10
1.31.11
1.31.12
1.31.13
1.31.14
1.31.15
1.31.16
1.31.2
1.31.3
1.31.4
1.31.5
1.31.6
1.31.7
1.31.8
1.31.9
1.31.9-2
1.32.0
1.32.0-rc.0
1.32.0-rc.1
1.32.0-rc.2
1.32.1
1.32.2
1.32.3
1.32.4
1.32.5
1.32.6
1.33.0
1.33.0-rc.0
1.33.1
1.33.2
1.33.3
1.33.4
1.34.0
1.34.0-rc.0
1.34.0-rc.1
1.34.1
1.34.2
1.34.3
1.34.4
1.35.0
1.35.0-rc.0
1.35.0-rc.1
1.35.0-rc.2
1.35.0-rc.3
1.35.1
1.35.10
1.35.2
1.35.3
1.35.4
1.35.5
1.35.6
1.35.7
1.35.8
1.35.9
1.36.0
1.36.0-rc.0
1.36.1
1.36.2
1.36.3
1.36.4
1.37.0
1.37.0-rc.0
1.37.0-rc.1
1.37.0-rc.2
1.37.1
1.37.2
1.37.3
1.37.4
1.37.5
1.37.6
1.38.0
1.38.0-rc.0
1.38.0-rc.1
1.38.1
1.38.2
1.38.3
1.38.4
1.38.5
1.38.6
1.39.0
1.39.0-rc.0
1.39.0-rc.1
1.39.1
1.39.2
1.39.3
1.4.0
1.4.0beta
1.4.0beta1
1.4.0beta2
1.4.0beta4
1.4.0beta5
1.4.0beta6
1.4.0rc1
1.4.1
1.4.10
1.4.11
1.4.12
1.4.13
1.4.14
1.4.15
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.4.8
1.4.9
1.40.0
1.40.0-rc.0
1.41.0
1.41.0-rc.0
1.41.1
1.41.2
1.41.3
1.41.4
1.41.5
1.42.0
1.42.0-rc.0
1.42.1
1.42.2
1.42.3
1.42.4
1.42.5
1.42.6
1.42.7
1.43.0
1.43.0-rc.0
1.43.1
1.43.2
1.43.3
1.43.4
1.43.5
1.43.6
1.43.7
1.43.8
1.44.0
1.44.0-rc.0
1.44.1
1.44.2
1.44.3
1.44.4
1.44.5
1.45.0
1.45.0-rc.0
1.45.1
1.45.2
1.45.3
1.5.0
1.5.0alpha1
1.5.0alpha2
1.5.0beta1
1.5.0beta2
1.5.0beta3
1.5.0beta4
1.5.0rc1
1.5.0rc2
1.5.1
1.5.2
1.5.3
1.5.4
1.5.5
1.5.6
1.5.7
1.5.8
1.6.0
1.6.1
1.6.10
1.6.11
1.6.12
1.6.2
1.6.3
1.6.4
1.6.5
1.6.6
1.6.7
1.6.8
1.6.9
1.7.0
1.7.1
1.7.2
1.7.3
1.8.0
1.8.1
1.8.2
1.8.3
1.8.4
1.9.0
1.9.0rc1
1.9.0rc2
1.9.1
1.9.2
1.9.3
1.9.4
1.9.5
Other
REL1_23
REL1_25
REL1_26
REL1_27
REL1_28
REL1_29
REL1_30
REL1_31
REL1_32
REL1_33
REL1_34
REL1_36
REL1_37
fundraising/REL1_27
fundraising/REL1_31
fundraising/REL1_35