CVE-2015-8001
EPSS 0.32%
Description
The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not restrict the uploaded data to the claimed file size, which allows remote authenticated users to cause a denial of service via a chunk that exceeds the file size.
How to fix CVE-2015-8001
To remediate CVE-2015-8001, upgrade the affected package to a fixed version below.
- Debian/mediawiki—upgrade to 1:1.25.5-1 or later
Is CVE-2015-8001 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1:1.25.5-1