cvedb.io
CVE-2021-32722
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2021-06-28T20:15:07.773 · Last modified 2026-06-17T03:53:29.990

Summary

GlobalNewFiles is a mediawiki extension. Versions prior to 48be7adb70568e20e961ea1cb70904454a671b1d are affected by an uncontrolled resource consumption vulnerability. A large amount of page moves within a short space of time could overwhelm Database servers due to improper handling of load balancing and a lack of an appropriate index. As a workaround, one may avoid use of the extension unless additional rate limit at the MediaWiki level or via PoolCounter / MySQL is enabled. A patch is available in version 48be7adb70568e20e961ea1cb70904454a671b1d.

Affected products

miraheze — globalnewfiles

Does this affect you?

Add your gear to cvedb and we'll alert you only when miraheze ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.