Description

An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. It did not validate the oarc_version (aka oauth_registered_consumer.oarc_version) parameter's length.

Remediation

References

CVE-2021-31555

Related Vulnerabilities

Joomla! Core Information Disclosure (1.5.0 - 3.8.1)

WordPress Plugin Integration for Gravity Forms and Pipedrive Cross-Site Scripting (1.0.6)

Oracle JRE CVE-2014-2401 Vulnerability (CVE-2014-2401)

WordPress Plugin Web Stories Server-Side Request Forgery (1.24.0)

MediaWiki Improper Input Validation Vulnerability (CVE-2011-1580)

Severity

High

Classification

CVE-2021-31555 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities