Error
Request URL: https://en.wikipedia.org/w/index.php?title=Special:AbuseLog&wpSearchFilter=1%27%20UNION
Request ID: XRtuagpAMFAAAGpCaTMAAABP
InvalidArgumentException: Invalid filter name (gibberish)
#0 /srv/mediawiki/php-1.34.0-wmf.11/extensions/AbuseFilter/includes/AbuseFilter.php(373): AbuseFilter::splitGlobalName(string) #1 /srv/mediawiki/php-1.34.0-wmf.11/extensions/AbuseFilter/includes/special/SpecialAbuseLog.php(466): AbuseFilter::filterHidden(string) #2 /srv/mediawiki/php-1.34.0-wmf.11/extensions/AbuseFilter/includes/special/SpecialAbuseLog.php(130): SpecialAbuseLog->showList() #3 /srv/mediawiki/php-1.34.0-wmf.11/includes/specialpage/SpecialPage.php(571): SpecialAbuseLog->execute(NULL) #4 /srv/mediawiki/php-1.34.0-wmf.11/includes/specialpage/SpecialPageFactory.php(581): SpecialPage->run(NULL) #5 /srv/mediawiki/php-1.34.0-wmf.11/includes/MediaWiki.php(288): MediaWiki\Special\SpecialPageFactory->executePath(Title, RequestContext) #6 /srv/mediawiki/php-1.34.0-wmf.11/includes/MediaWiki.php(884): MediaWiki->performRequest() #7 /srv/mediawiki/php-1.34.0-wmf.11/includes/MediaWiki.php(515): MediaWiki->main() #8 /srv/mediawiki/php-1.34.0-wmf.11/index.php(42): MediaWiki->run() #9 /srv/mediawiki/w/index.php(3): include(string) #10 {main}
Impact
Users can craft urls to Special:AbuseLog that consistently cause a bypass of the Varnish cache, hit the application servers, and make them generate a fatal error.
These fatal errors then produce an HTTP 500 response which raises alert levels for the Traffic layers, as well as deployment health in Logstash which can cause alerts and aborted deployments.
Notes
This appears new in 1.34-wmf.10/1.34-wmf.11. It was rarely seen or not at all, in the 3 weeks before that.