CVE-2021-41118

Name of the Vulnerable Software and Affected Versions DynamicPageList3 versions prior to 3.3.6

Description The DynamicPageList3 extension for MediaWiki is affected by an issue where unsanitized input of regular expression data within the parameters of the DPL parser function allows for the possibility of ReDoS (Regex Denial of Service).

Recommendations For versions prior to 3.3.6, update to version 3.3.6 to resolve the issue. As a temporary workaround, consider setting $wgDplSettings['functionalRichness'] = 0; to mitigate the risk. Alternatively, disable DynamicPageList3 to minimize the risk of exploitation.