Ladsgroup

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions prior to 1.35.9 MediaWiki versions 1.36.x through 1.38.x before 1.38.5 MediaWiki versions 1.39.x before 1.39.1 **Description** An issue in MediaWiki allows remote attackers to cause a denial of service. This is because the SpecialMobileHistory feature can lead to slow database queries, enabling the denial of service. **Recommendations** For versions prior to 1.35.9, update to version 1.35.9 or later. For versions 1.36.x through 1.38.x, update to version 1.38.5 or later. For versions 1.39.x, update to version 1.39.1 or later.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions prior to 1.35.6 MediaWiki versions 1.36.x prior to 1.36.4 MediaWiki versions 1.37.x prior to 1.37.2 **Description** A denial-of-service issue was discovered in MediaWiki. When many files exist, requesting Special:NewFiles with `actor` as a condition can result in a very long running query. **Recommendations** For MediaWiki versions prior to 1.35.6, update to version 1.35.6 or later. For MediaWiki versions 1.36.x prior to 1.36.4, update to version 1.36.4 or later. For MediaWiki versions 1.37.x prior to 1.37.2, update to version 1.37.2 or later. As a temporary workaround, consider restricting access to the Special:NewFiles page with the `actor` condition until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions 1.37.x before 1.37.2 **Description** A denial-of-service issue was discovered. The rendering of "w/index.php?title=Special:WhatLinksHere&target=Property:P31&namespace=1&invert=1" can take more than thirty seconds, posing a DDoS risk. **Recommendations** For MediaWiki versions 1.37.x before 1.37.2, update to version 1.37.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "w/index.php?title=Special:WhatLinksHere&target=Property:P31&namespace=1&invert=1" endpoint to minimize the risk of exploitation.