Nikerabbit

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions prior to 1.35.5 MediaWiki versions 1.36.x prior to 1.36.3 MediaWiki versions 1.37.x prior to 1.37.1 **Description** A denial of service can be accomplished by searching for a very long key in a Language Name Search, leading to resource consumption. **Recommendations** For MediaWiki versions prior to 1.35.5, update to version 1.35.5 or later. For MediaWiki versions 1.36.x prior to 1.36.3, update to version 1.36.3 or later. For MediaWiki versions 1.37.x prior to 1.37.1, update to version 1.37.1 or later.

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36 Description: An issue was discovered in the Translate extension where the Aggregategroups Action API module does not validate the parameter for `aggregategroup` when `action=remove` is set. This allows users with the `translate-manage` right to silently delete various groups' metadata. Recommendations: For MediaWiki versions through 1.36, as a temporary workaround, consider restricting access to the Aggregategroups Action API module until a patch is available. Avoid using the `aggregategroup` parameter in the affected API endpoint when `action=remove` is set until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.