{
  "id": "CVE-2024-34502",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-05-05T19:15:07.197",
  "lastModified": "2024-05-06T12:44:56.377",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the from-id to the to-id, even if the request was not a POST request, and even if it does not contain an edit token."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en WikibaseLexeme en MediaWiki antes de 1.39.6, 1.40.x antes de 1.40.2 y 1.41.x antes de 1.41.1. Cargando especial: MergeLexemes (intentar\u00e1) realizar una edici\u00f3n que combine el ID de origen con el ID de destino, incluso si la solicitud no fue una solicitud POST, e incluso si no contiene un token de edici\u00f3n."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/WikibaseLexeme/+/1013359",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://phabricator.wikimedia.org/T357101",
      "source": "cve@mitre.org"
    }
  ]
}