CNNVD-202510-778 Information
CNNVD ID
CNNVD-202510-778
Related CVE
- CNNVD Published: 2025-10-06
Description (Chinese)
Bucket是Weird Gloop开源的一个MediaWiki的结构化数据存储扩展。 Bucket 1.0.0之前版本存在安全漏洞,该漏洞源于使用不等于比较器查询存储桶时出现无限递归,可能导致拒绝服务。
Description (English)
Bucket is a structured data storage extension for MediaWiki from the Weird Gloop open source. The previous version of Bucket 1.0.0 had a security loophole, which stemmed from an unlimited regression when using a storage drum that did not amount to a comparator query, which could lead to the denial of services.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Weird Gloop
Published
2025-10-06
Last Modified
2026-02-24
References
https://github.com/weirdgloop/mediawiki-extensions-Bucket/blob/ad704120a1660b5929fb5825db1cf85c9c77acf4/includes/Expression/MemberOfExpression.php#L34 https://github.com/weirdgloop/mediawiki-extensions-Bucket/commit/6f4a71d531cb802cdb991d2a4ca7bf8fb691defd https://github.com/weirdgloop/mediawiki-extensions-Bucket/security/advisories/GHSA-r9f2-4jh3-659j https://access.redhat.com/security/cve/cve-2025-61766
Patch
https://github.com/weirdgloop/mediawiki-extensions-Bucket
Share on: