{"id":"CVE-2023-36674","details":"An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax.","aliases":["BIT-mediawiki-2023-36674"],"modified":"2026-04-16T04:42:22.188497631Z","published":"2023-08-20T18:15:09.930Z","references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/"},{"type":"FIX","url":"https://phabricator.wikimedia.org/T335612"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wikimedia/mediawiki","events":[{"introduced":"0"},{"fixed":"b8d14e9d292f1199b959b9ce26d99f72bf935406"},{"introduced":"bc542ec6d8573dfb906b468901799e0017875f1e"},{"fixed":"059c8e1b9a315c36ae827f929ea9a077acbba2eb"},{"introduced":"c95fc4786beba034fa643062b98a60ccbde831fd"},{"fixed":"c4075dfdbcb51df3c922aef582cf5b4091759595"},{"introduced":"0"},{"last_affected":"468dd69d6ee8e84b9ab26d0ee3d52f215faaf0d4"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.35.11"},{"introduced":"1.36.0"},{"fixed":"1.38.7"},{"introduced":"1.39.0"},{"fixed":"1.39.4"},{"introduced":"0"},{"last_affected":"1.40.0"}]}}],"versions":["1.1.0","1.3.0beta1","1.35.0","1.35.0-rc.0","1.35.0-rc.1","1.35.0-rc.2","1.35.0-rc.3","1.35.1","1.35.10","1.35.2","1.35.3","1.35.4","1.35.5","1.35.6","1.35.7","1.35.8","1.35.9","1.38.0","1.38.0-rc.0","1.38.0-rc.1","1.38.1","1.38.2","1.38.3","1.38.4","1.38.5","1.38.6","1.39.0","1.39.1","1.39.2","1.39.3","1.40.0","1.40.0-rc.0","1.5.0alpha1","1.5.0alpha2","1.5.0beta1","1.5.0beta2","1.5.0beta3","1.5.0beta4","1.6.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-36674.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}