Wikimedia · MediaWiki · CVE-2013-2114
**Name of the Vulnerable Software and Affected Versions**
MediaWiki versions 1.19 through 1.19.6
MediaWiki versions 1.20.x before 1.20.6
**Description**
An unrestricted file upload vulnerability in the chunk upload API allows remote attackers to execute arbitrary code by uploading a file with an executable extension.
**Recommendations**
For MediaWiki versions 1.19 through 1.19.6, update to version 1.19.7 or later.
For MediaWiki versions 1.20.x before 1.20.6, update to version 1.20.6 or later.
As a temporary workaround, consider restricting access to the chunk upload API until the update can be applied.
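
To triage an inventory against the affected ranges and fixed releases listed above, the following added example (not part of the original advisory) classifies reported version strings. The input format is an assumption (a bare version or the `MediaWiki <version>` form a wiki reports about itself), the host names and versions are constructed, and branches the advisory does not name are reported as "not listed" rather than judged.

```python
import re

# Fixed release per affected branch, as stated in the advisory.
FIXED = {(1, 19): (1, 19, 7), (1, 20): (1, 20, 6)}

# Accepts "1.19.5", "MediaWiki 1.19.5", "1.20.0rc1", "1.20.6-rc1", "1.19".
_VERSION = re.compile(
    r"^\s*(?:MediaWiki\s+)?(\d+)\.(\d+)(?:\.(\d+))?(?:[-+]?([A-Za-z][\w.+-]*))?\s*$",
    re.IGNORECASE,
)

def assess(version_string):
    """Return (status, fixed_release) for one reported version string."""
    m = _VERSION.match(version_string)
    if m is None:
        return "unknown", None          # unparseable: needs a human look
    version = (int(m[1]), int(m[2]), int(m[3] or 0))
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "not listed", None       # advisory names only 1.19 and 1.20
    target = ".".join(map(str, fixed))
    if version < fixed:
        return "affected", target
    if version == fixed and m[4]:
        return "review", target         # pre-release tag on the fixed number
    return "fixed", None

def triage(inventory):
    """Map host -> (status, fixed_release), skipping hosts that are fixed."""
    results = {host: assess(v) for host, v in inventory.items()}
    return {h: r for h, r in results.items() if r[0] != "fixed"}

# Constructed inventory for illustration; not real hosts.
SAMPLE_INVENTORY = {
    "wiki-a.example": "MediaWiki 1.19.6",
    "wiki-b.example": "MediaWiki 1.19.7",
    "wiki-c.example": "1.20.0rc1",
    "wiki-d.example": "1.20.6-rc1",
    "wiki-e.example": "MediaWiki 1.21.0",
}

if __name__ == "__main__":
    for host, (status, target) in sorted(triage(SAMPLE_INVENTORY).items()):
        print(host, status, target or "-")
```

A "review" result means the string carries a pre-release tag on the fixed version number, so the build should be checked by hand.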