possible DOS attack in mwlib < 0.13.5

27 views
Skip to first unread message

Ralf Schmitt

unread,
Mar 5, 2012, 4:58:39 AM3/5/12
to mw...@googlegroups.com
Hi all,

we've release mwlib 0.13.5 last week.

ultranurd (https://github.com/UltraNurd) found a bug in prior versions
which might allow an attacker to DOS attack a mwlib installation by
forcing it to parse a specially crafted #iferror magic function.
If you're wiki allows edits and you're running mwlib, you should upgrade
to mwlib 0.13.5 as soon as possible.

Details can be found here: https://github.com/pediapress/mwlib/pull/10

If you don't feel like upgrading mwlib, you may also just apply the
following fix:
https://github.com/pediapress/mwlib/commit/aa987c281c10e29f26aa0faa21c04f3bb1167fde


--
Cheers
Ralf

Reply all
Reply to author
Forward
0 new messages