CVE-2015-2937

Name of the Vulnerable Software and Affected Versions MediaWiki versions prior to 1.19.24 MediaWiki versions 1.20.x through 1.23.9 MediaWiki versions 1.24.x through 1.24.2

Description The issue allows remote attackers to cause a denial of service, resulting in a "quadratic blowup" and memory consumption, via an XML file containing an entity declaration with long replacement text and many references to this entity.

Recommendations For MediaWiki versions prior to 1.19.24, update to version 1.19.24 or later. For MediaWiki versions 1.20.x through 1.23.9, update to version 1.23.9 or later. For MediaWiki versions 1.24.x through 1.24.2, update to version 1.24.2 or later.