Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-32722
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Uncontrolled Resource Consumption in GlobalNewFiles
Source: NVD (National Vulnerability Database)
Vulnerability Description
GlobalNewFiles is a mediawiki extension. Versions prior to 48be7adb70568e20e961ea1cb70904454a671b1d are affected by an uncontrolled resource consumption vulnerability. A large amount of page moves within a short space of time could overwhelm Database servers due to improper handling of load balancing and a lack of an appropriate index. As a workaround, one may avoid use of the extension unless additional rate limit at the MediaWiki level or via PoolCounter / MySQL is enabled. A patch is available in version 48be7adb70568e20e961ea1cb70904454a671b1d.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Source: NVD (National Vulnerability Database)
Vulnerability Title
MediaWiki GlobalNewFiles 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
GlobalNewFiles是美国维基媒体(MediaWiki)基金会的一个扩展,提供了一个特殊的页面在全球范围内查看wiki farm的所有文件。 GlobalNewFiles 存在资源管理错误漏洞,该漏洞源于GlobalNewFiles的所有现有版本都受到一个不受控制的资源消耗漏洞的影响。攻击者可利用该漏洞引起短时间内大量的页面移动可能会使数据库服务器不堪重负。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
mirahezeGlobalNewFiles < 48be7adb70568e20e961ea1cb70904454a671b1d -
II. Public POCs for CVE-2021-32722
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2021-32722
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: GlobalNewFiles
Same vendor: miraheze
Same weakness: CWE-400
V. Comments for CVE-2021-32722

No comments yet

Leave a comment