Reedy

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions prior to 1.35.8 MediaWiki versions 1.36.x through 1.37.4 MediaWiki versions 1.38.x through 1.38.2 **Description** An issue was discovered in MediaWiki. When changes made by an IP address are reassigned to a user using reassignEdits.php, the changes will still be attributed to the IP address on Special:Contributions when doing a range lookup. **Recommendations** For MediaWiki versions prior to 1.35.8, update to version 1.35.8 or later. For MediaWiki versions 1.36.x through 1.37.4, update to version 1.37.5 or later. For MediaWiki versions 1.38.x through 1.38.2, update to version 1.38.3 or later.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions prior to 1.36.2 **Description** The issue allows for a denial of service due to resource consumption caused by lengthy query processing time. Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled. **Recommendations** For MediaWiki versions prior to 1.36.2, update to version 1.36.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Special:Contributions page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions through 1.35.2 **Description** An issue was discovered in the Oauth extension for MediaWiki. It did not validate the `oarc version` (also known as `oauth registered consumer.oarc version`) parameter's length. **Recommendations** For MediaWiki versions through 1.35.2, as a temporary workaround, consider restricting access to the Oauth extension until a patch is available. Avoid using the `oarc version` parameter in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.