CVE-2023-36674

Source
https://cve.org/CVERecord?id=CVE-2023-36674
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-36674.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-36674
Published
2023-08-20T00:00:00Z
Modified
2026-06-18T03:56:59.337819786Z
Summary
[none]
Details

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax.

Database specific
{
    "cna_assigner": "mitre",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/36xxx/CVE-2023-36674.json",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "fixed": "1.35.11"
                },
                {
                    "introduced": "1.36.x"
                },
                {
                    "fixed": "1.38.x"
                },
                {
                    "fixed": "1.38.7"
                },
                {
                    "introduced": "1.39.x"
                },
                {
                    "fixed": "1.39.4"
                },
                {
                    "introduced": "1.40.x"
                },
                {
                    "fixed": "1.40.1"
                }
            ],
            "source": "DESCRIPTION"
        }
    ]
}

Affected packages

Git / github.com/wikimedia/mediawiki

Affected ranges

Type
GIT
Repo
https://github.com/wikimedia/mediawiki
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.35.11"
        },
        {
            "last_affected": "1.40.0"
        },
        {
            "introduced": "1.36.0"
        },
        {
            "fixed": "1.38.7"
        },
        {
            "introduced": "1.39.0"
        },
        {
            "fixed": "1.39.4"
        }
    ],
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ],
    "cpe": [
        "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:mediawiki:mediawiki:1.40.0:*:*:*:*:*:*:*"
    ]
}

Affected versions

1.*
1.1.0
1.3.0beta1
1.35.0
1.35.0-rc.0
1.35.0-rc.1
1.35.0-rc.2
1.35.0-rc.3
1.35.1
1.35.10
1.35.2
1.35.3
1.35.4
1.35.5
1.35.6
1.35.7
1.35.8
1.35.9
1.38.0
1.38.0-rc.0
1.38.0-rc.1
1.38.1
1.38.2
1.38.3
1.38.4
1.38.5
1.38.6
1.39.0
1.39.1
1.39.2
1.39.3
1.5.0alpha1
1.5.0alpha2
1.5.0beta1
1.5.0beta2
1.5.0beta3
1.5.0beta4
1.6.0
Other
test-hashar-for-ci

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-36674.json"