CVE-2023-45371

HIGH7.5EPSS 0.18%

Published: 3/6/2024Modified: 4/3/2025

Description

An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is no rate limit for merging items.

Affected packages (1)

Bitnami/mediawikifrom 0, < 1.35.12, >= 1.36.0, < 1.39.5, >= 1.40.0, < 1.40.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (3)

WEBhttps://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/961264
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2023-45371
WEBhttps://phabricator.wikimedia.org/T345064