PT-2024-3257 · Mediawiki+2
Dreamy_Jazz · Published 2024-02-16 · Updated 2025-06-19
CVE-2024-34506
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
MediaWiki versions prior to 1.39.7
MediaWiki versions 1.40.x prior to 1.40.3
MediaWiki versions 1.41.x prior to 1.41.1
Description
An issue in the includes/specials/SpecialMovePage.php file of MediaWiki can lead to a denial of service. If a user with the necessary rights to move a page opens Special:MovePage for a page with tens of thousands of subpages, the page will exceed the maximum request time, resulting in a denial of service.
Recommendations
For MediaWiki versions prior to 1.39.7, update to version 1.39.7 or later.
For MediaWiki versions 1.40.x prior to 1.40.3, update to version 1.40.3 or later.
For MediaWiki versions 1.41.x prior to 1.41.1, update to version 1.41.1 or later.
As a temporary workaround, consider restricting access to the Special:MovePage page for users with the necessary rights to move pages, especially for pages with a large number of subpages.
Fix
DoS
Resource Exhaustion
Improper Resource Release
Related Identifiers
Affected Products
Alt Linux
Mediawiki
Red Os