{"id":"CVE-2022-28201","details":"An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message.","aliases":["BIT-mediawiki-2022-28201"],"modified":"2026-05-15T11:53:45.343373390Z","published":"2022-09-19T00:00:00Z","database_specific":{"cna_assigner":"mitre","unresolved_ranges":[{"source":"DESCRIPTION","extracted_events":[{"fixed":"1.35.6"},{"introduced":"1.36.x"},{"fixed":"1.36.4"},{"introduced":"1.37.x"},{"fixed":"1.37.2"}]}],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/28xxx/CVE-2022-28201.json"},"references":[{"type":"WEB","url":"https://phabricator.wikimedia.org/T297571"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/28xxx/CVE-2022-28201.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-28201"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5246"},{"type":"ARTICLE","url":"https://blog.legoktm.com/2022/07/03/a-belated-writeup-of-cve-2022-28201-in-mediawiki.html"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html"}],"schema_version":"1.7.5"}