Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/mediawiki/core@1.29.0-rc.0

Type composer

Namespace mediawiki

Name core

Version 1.29.0-rc.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.35.12

Latest_non_vulnerable_version 1.40.1

Affected_by_vulnerabilities

url VCID-7eba-7gsc-hbfg

vulnerability_id VCID-7eba-7gsc-hbfg

summary

X-Forwarded-For header allows brute-forcing autoblocked IP addresses
An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29141.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29141.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-29141

reference_id

reference_type

scores

value	0.00251
scoring_system	epss
scoring_elements	0.48447
published_at	2026-04-12T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48509
published_at	2026-04-16T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48459
published_at	2026-04-13T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48473
published_at	2026-04-11T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48426
published_at	2026-04-02T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48448
published_at	2026-04-04T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48401
published_at	2026-04-07T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48455
published_at	2026-04-08T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48449
published_at	2026-04-09T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52609
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-29141

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675

reference_url

https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/

url

https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39

reference_url

https://github.com/wikimedia/mediawiki

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/wikimedia/mediawiki

reference_url

https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7

reference_url

https://phabricator.wikimedia.org/T285159

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/

url

https://phabricator.wikimedia.org/T285159

reference_url

https://www.debian.org/security/2023/dsa-5447

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/

url

https://www.debian.org/security/2023/dsa-5447

reference_url

https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10

reference_url

https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6

reference_url

https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2183627
reference_id	2183627
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2183627

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-29141

reference_id

CVE-2023-29141

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-29141

reference_url

https://github.com/advisories/GHSA-5vj8-g3qg-4qh6

reference_id

GHSA-5vj8-g3qg-4qh6

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5vj8-g3qg-4qh6

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/

reference_id

ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/

reference_id

ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/

fixed_packages

url pkg:composer/mediawiki/core@1.35.10

purl pkg:composer/mediawiki/core@1.35.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jm7q-2w3j-buhh

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.35.10

url pkg:composer/mediawiki/core@1.38.6

purl pkg:composer/mediawiki/core@1.38.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jm7q-2w3j-buhh

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.38.6

url pkg:composer/mediawiki/core@1.39.3

purl pkg:composer/mediawiki/core@1.39.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jm7q-2w3j-buhh

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.39.3

aliases CVE-2023-29141, GHSA-5vj8-g3qg-4qh6

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7eba-7gsc-hbfg

url VCID-9qyu-z71g-1qbq

vulnerability_id VCID-9qyu-z71g-1qbq

summary

MediaWiki Open Redirect vulnerability
resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.34.0-rc.0 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10959.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10959.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10959

reference_id

reference_type

scores

value	0.00273
scoring_system	epss
scoring_elements	0.50757
published_at	2026-04-18T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.50752
published_at	2026-04-16T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.50727
published_at	2026-04-12T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.5075
published_at	2026-04-11T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.50708
published_at	2026-04-09T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.50675
published_at	2026-04-02T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.50712
published_at	2026-04-13T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.50657
published_at	2026-04-07T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.50701
published_at	2026-04-04T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.50622
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10959

reference_url

https://gerrit.wikimedia.org/r/c/mediawiki/core/+/536725

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gerrit.wikimedia.org/r/c/mediawiki/core/+/536725

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-10959.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-10959.yaml

reference_url

https://github.com/wikimedia/mediawiki

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/wikimedia/mediawiki

reference_url

https://github.com/wikimedia/mediawiki/commit/d4a552e65bdfd7309a9b8537e9dbe69c5e2991eb

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/wikimedia/mediawiki/commit/d4a552e65bdfd7309a9b8537e9dbe69c5e2991eb

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10959

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10959

reference_url

https://phabricator.wikimedia.org/T232932

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://phabricator.wikimedia.org/T232932

reference_url

https://phabricator.wikimedia.org/T240393

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://phabricator.wikimedia.org/T240393

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1826079
reference_id	1826079
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1826079

reference_url

https://github.com/advisories/GHSA-mqhw-wq8p-vf5r

reference_id

GHSA-mqhw-wq8p-vf5r

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mqhw-wq8p-vf5r

fixed_packages

url pkg:composer/mediawiki/core@1.34.0-rc.0

purl pkg:composer/mediawiki/core@1.34.0-rc.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-4keq-jcfa-13hc

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-z9d9-aer5-gfa9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.34.0-rc.0

aliases CVE-2020-10959, GHSA-mqhw-wq8p-vf5r

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9qyu-z71g-1qbq

url VCID-jm7q-2w3j-buhh

vulnerability_id VCID-jm7q-2w3j-buhh

summary

MediaWiki Denial of Service vulnerability
An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-45363

reference_id

reference_type

scores

value	0.11025
scoring_system	epss
scoring_elements	0.93433
published_at	2026-04-13T12:55:00Z

value	0.11025
scoring_system	epss
scoring_elements	0.93458
published_at	2026-04-18T12:55:00Z

value	0.11025
scoring_system	epss
scoring_elements	0.93452
published_at	2026-04-16T12:55:00Z

value	0.11025
scoring_system	epss
scoring_elements	0.93407
published_at	2026-04-02T12:55:00Z

value	0.11025
scoring_system	epss
scoring_elements	0.93415
published_at	2026-04-07T12:55:00Z

value	0.11025
scoring_system	epss
scoring_elements	0.93424
published_at	2026-04-08T12:55:00Z

value	0.11025
scoring_system	epss
scoring_elements	0.93427
published_at	2026-04-09T12:55:00Z

value	0.11025
scoring_system	epss
scoring_elements	0.93432
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45363

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363

reference_url

https://github.com/wikimedia/mediawiki

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/wikimedia/mediawiki

reference_url

https://github.com/wikimedia/mediawiki/commit/24c3ef2474c6daa20ed48168d46196a55346dfd8

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/wikimedia/mediawiki/commit/24c3ef2474c6daa20ed48168d46196a55346dfd8

reference_url

https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/

url

https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html

reference_url

https://phabricator.wikimedia.org/T333050

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/

url

https://phabricator.wikimedia.org/T333050

reference_url

https://www.debian.org/security/2023/dsa-5520

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/

url

https://www.debian.org/security/2023/dsa-5520

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-45363

reference_id

CVE-2023-45363

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-45363

reference_url

https://github.com/advisories/GHSA-w5fx-cx7f-6vr9

reference_id

GHSA-w5fx-cx7f-6vr9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w5fx-cx7f-6vr9

fixed_packages

url	pkg:composer/mediawiki/core@1.35.12
purl	pkg:composer/mediawiki/core@1.35.12
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.35.12

url	pkg:composer/mediawiki/core@1.39.5
purl	pkg:composer/mediawiki/core@1.39.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.39.5

url	pkg:composer/mediawiki/core@1.40.1
purl	pkg:composer/mediawiki/core@1.40.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.40.1

aliases CVE-2023-45363, GHSA-w5fx-cx7f-6vr9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jm7q-2w3j-buhh

url VCID-z9d9-aer5-gfa9

vulnerability_id VCID-z9d9-aer5-gfa9

summary Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41800.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41800.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-41800

reference_id

reference_type

scores

value	0.00177
scoring_system	epss
scoring_elements	0.39337
published_at	2026-04-18T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39342
published_at	2026-04-08T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39365
published_at	2026-04-16T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39313
published_at	2026-04-13T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39331
published_at	2026-04-12T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39371
published_at	2026-04-11T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39164
published_at	2026-04-01T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39359
published_at	2026-04-09T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.3935
published_at	2026-04-02T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39374
published_at	2026-04-04T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39287
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-41800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801

reference_url

https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/

reference_url

https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5

reference_url	https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
reference_id
reference_type
scores
url	https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-41800

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-41800

reference_url

https://phabricator.wikimedia.org/T284419

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://phabricator.wikimedia.org/T284419

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2009517
reference_id	2009517
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2009517

reference_url

https://security.archlinux.org/AVG-2434

reference_id

AVG-2434

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2434

reference_url

https://github.com/advisories/GHSA-c8wv-qwwc-6j73

reference_id

GHSA-c8wv-qwwc-6j73

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-c8wv-qwwc-6j73

reference_url

https://security.gentoo.org/glsa/202305-24

reference_id

GLSA-202305-24

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/202305-24

fixed_packages

url pkg:composer/mediawiki/core@1.36.2

purl pkg:composer/mediawiki/core@1.36.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jm7q-2w3j-buhh

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.36.2

aliases CVE-2021-41800, GHSA-c8wv-qwwc-6j73

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z9d9-aer5-gfa9

url VCID-zgdf-mxfn-gbea

vulnerability_id VCID-zgdf-mxfn-gbea

summary

img_auth.php may leak private extension images into the public cache
In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15005.json

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15005.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-15005

reference_id

reference_type

scores

value	0.00737
scoring_system	epss
scoring_elements	0.72876
published_at	2026-04-18T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72768
published_at	2026-04-01T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72776
published_at	2026-04-02T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72796
published_at	2026-04-04T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72773
published_at	2026-04-07T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72811
published_at	2026-04-08T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72825
published_at	2026-04-09T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.7285
published_at	2026-04-11T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72833
published_at	2026-04-12T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72824
published_at	2026-04-13T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72866
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-15005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828

reference_url

https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_31/RELEASE-NOTES-1.31

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_31/RELEASE-NOTES-1.31

reference_url

https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_33/RELEASE-NOTES-1.33

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_33/RELEASE-NOTES-1.33

reference_url

https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_34/RELEASE-NOTES-1.34

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_34/RELEASE-NOTES-1.34

reference_url

https://github.com/wikimedia/mediawiki

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/wikimedia/mediawiki

reference_url

https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EEZIMLJMJS72SJXPYL736XMUAVCRQD2H

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EEZIMLJMJS72SJXPYL736XMUAVCRQD2H

reference_url

https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-15005

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-15005

reference_url

https://phabricator.wikimedia.org/T248947

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://phabricator.wikimedia.org/T248947

reference_url

https://www.debian.org/security/2020/dsa-4767

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2020/dsa-4767

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1851026
reference_id	1851026
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1851026

reference_url

https://github.com/advisories/GHSA-xpv7-93cm-4mxv

reference_id

GHSA-xpv7-93cm-4mxv

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xpv7-93cm-4mxv

fixed_packages

url pkg:composer/mediawiki/core@1.31.8

purl pkg:composer/mediawiki/core@1.31.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-9qyu-z71g-1qbq

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-z9d9-aer5-gfa9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.8

url pkg:composer/mediawiki/core@1.33.4

purl pkg:composer/mediawiki/core@1.33.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-9qyu-z71g-1qbq

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-z9d9-aer5-gfa9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.33.4

url pkg:composer/mediawiki/core@1.34.2

purl pkg:composer/mediawiki/core@1.34.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-424y-cjxg-c7az

vulnerability	VCID-7eba-7gsc-hbfg

vulnerability	VCID-arzd-7xhw-qqb4

vulnerability	VCID-azup-qzq7-sbh6

vulnerability	VCID-h8jw-brz8-hkfn

vulnerability	VCID-jm7q-2w3j-buhh

vulnerability	VCID-pm5t-23j4-6yh6

vulnerability	VCID-ujdn-y48t-pbch

vulnerability	VCID-z9d9-aer5-gfa9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.34.2

aliases CVE-2020-15005, GHSA-xpv7-93cm-4mxv

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zgdf-mxfn-gbea

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.29.0-rc.0

Package Instance