CVE-2020-10959: MediaWiki Open Redirect vulnerability
(updated )
resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.34.0-rc.0 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page.
References
- gerrit.wikimedia.org/r/c/mediawiki/core/+/536725
- github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-10959.yaml
- github.com/advisories/GHSA-mqhw-wq8p-vf5r
- github.com/wikimedia/mediawiki
- github.com/wikimedia/mediawiki/commit/d4a552e65bdfd7309a9b8537e9dbe69c5e2991eb
- nvd.nist.gov/vuln/detail/CVE-2020-10959
- phabricator.wikimedia.org/T232932
- phabricator.wikimedia.org/T240393
Detect and mitigate CVE-2020-10959 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →