Martin Urbanec

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions through 1.35.2 **Description** An issue in the CheckUser extension allows MediaWiki usernames with trailing whitespace to be stored in the cu log database table, causing denial of service for certain CheckUser extension pages and functionality. This could interfere with usage tracking, for example, by turning off Special:CheckUserLog. **Recommendations** For versions through 1.35.2, consider temporarily restricting access to the CheckUser extension until a fix is applied to prevent the storage of usernames with trailing whitespace in the cu log database table.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions prior to 1.31.10 MediaWiki versions 1.32.x through 1.34.3 **Description** An information leak was discovered due to incorrect handling of actor ID, which may not use the correct database or wiki. **Recommendations** For MediaWiki versions prior to 1.31.10, update to version 1.31.10 or later. For MediaWiki versions 1.32.x through 1.34.3, update to version 1.34.4 or later.