vulnerability
MediaWiki: CVE-2024-34506: Uncontrolled Resource Consumption
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | May 5, 2024 | Jun 20, 2025 | May 6, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
May 5, 2024
Added
Jun 20, 2025
Modified
May 6, 2026
Description
An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the maximum request time, leading to a denial of service.
Solution
mediawiki-upgrade-latest
References
- CVE-2024-34506
- https://attackerkb.com/topics/CVE-2024-34506
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/
- https://phabricator.wikimedia.org/T357760
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-34832
- CWE-400
- EUVD-EUVD-2024-34832
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.