Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/574191?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/574191?format=api", "purl": "pkg:composer/mediawiki/core@1.27.1", "type": "composer", "namespace": "mediawiki", "name": "core", "version": "1.27.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.35.12", "latest_non_vulnerable_version": "1.40.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93012?format=api", "vulnerability_id": "VCID-41fp-ar4e-muam", "summary": "MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12467", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52923", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52862", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12467.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12467.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12467", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12467" }, { "reference_url": "https://phabricator.wikimedia.org/T209794", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T209794" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jun/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jun/12" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4460", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4460" }, { "reference_url": "https://github.com/advisories/GHSA-6vfg-8ppv-h5hg", "reference_id": "GHSA-6vfg-8ppv-h5hg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6vfg-8ppv-h5hg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/149609?format=api", "purl": "pkg:composer/mediawiki/core@1.27.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.27.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/149610?format=api", "purl": "pkg:composer/mediawiki/core@1.30.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.30.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/149611?format=api", "purl": "pkg:composer/mediawiki/core@1.31.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m1h-d3k7-wbd4" }, { "vulnerability": "VCID-77gx-zju5-d7af" }, { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-dsh9-aupc-6kce" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-p39b-8e53-tfgj" }, { "vulnerability": "VCID-q1rw-mxdb-gbe7" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-x8p9-z9ze-n7ac" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/149612?format=api", "purl": "pkg:composer/mediawiki/core@1.32.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m1h-d3k7-wbd4" }, { "vulnerability": "VCID-77gx-zju5-d7af" }, { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-dsh9-aupc-6kce" }, { "vulnerability": "VCID-er5f-3bhf-b7fy" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-p39b-8e53-tfgj" }, { "vulnerability": "VCID-q1rw-mxdb-gbe7" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-x8p9-z9ze-n7ac" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.32.2" } ], "aliases": [ "CVE-2019-12467", "GHSA-6vfg-8ppv-h5hg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-41fp-ar4e-muam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43497?format=api", "vulnerability_id": "VCID-5d6t-am8p-3kab", "summary": "Mediawiki Improper Privilege Management\nMediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3142", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3142" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3238", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3238" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3813", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3813" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0503.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0503.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0503", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59956", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59909", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0503" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0503", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0503" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0504", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0504" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0505", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0505" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html" }, { "reference_url": "https://phabricator.wikimedia.org/T169545", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T169545" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4301", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4301" }, { "reference_url": "http://www.securitytracker.com/id/1041695", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1041695" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634161", "reference_id": "1634161", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634161" }, { "reference_url": "https://security.archlinux.org/ASA-201809-5", "reference_id": "ASA-201809-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201809-5" }, { "reference_url": "https://security.archlinux.org/AVG-765", "reference_id": "AVG-765", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-765" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0503", "reference_id": "CVE-2018-0503", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0503" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0503.yaml", "reference_id": "CVE-2018-0503.YAML", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0503.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-mhfv-9h99-jwg7", "reference_id": "GHSA-mhfv-9h99-jwg7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mhfv-9h99-jwg7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62189?format=api", "purl": "pkg:composer/mediawiki/core@1.27.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-41fp-ar4e-muam" }, { "vulnerability": "VCID-5djd-epmq-qbft" }, { "vulnerability": "VCID-6nt8-u5br-yqam" }, { "vulnerability": "VCID-7119-yrmu-2kb8" }, { "vulnerability": "VCID-77ck-3e5e-rkb9" }, { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-8te2-uyp7-c7b2" }, { "vulnerability": "VCID-e3pm-2tfy-qkaa" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-rm5w-m3u5-s3en" }, { "vulnerability": "VCID-wn7c-cwg4-rke1" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.27.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/62190?format=api", "purl": "pkg:composer/mediawiki/core@1.29.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.29.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/62191?format=api", "purl": "pkg:composer/mediawiki/core@1.30.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-41fp-ar4e-muam" }, { "vulnerability": "VCID-5djd-epmq-qbft" }, { "vulnerability": "VCID-6nt8-u5br-yqam" }, { "vulnerability": "VCID-7119-yrmu-2kb8" }, { "vulnerability": "VCID-77ck-3e5e-rkb9" }, { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-8te2-uyp7-c7b2" }, { "vulnerability": "VCID-e3pm-2tfy-qkaa" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-rm5w-m3u5-s3en" }, { "vulnerability": "VCID-wn7c-cwg4-rke1" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.30.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/62192?format=api", "purl": "pkg:composer/mediawiki/core@1.31.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-41fp-ar4e-muam" }, { "vulnerability": "VCID-5djd-epmq-qbft" }, { "vulnerability": "VCID-5m1h-d3k7-wbd4" }, { "vulnerability": "VCID-6nt8-u5br-yqam" }, { "vulnerability": "VCID-7119-yrmu-2kb8" }, { "vulnerability": "VCID-77ck-3e5e-rkb9" }, { "vulnerability": "VCID-77gx-zju5-d7af" }, { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-8te2-uyp7-c7b2" }, { "vulnerability": "VCID-dsh9-aupc-6kce" }, { "vulnerability": "VCID-e3pm-2tfy-qkaa" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-p39b-8e53-tfgj" }, { "vulnerability": "VCID-q1rw-mxdb-gbe7" }, { "vulnerability": "VCID-rm5w-m3u5-s3en" }, { "vulnerability": "VCID-wn7c-cwg4-rke1" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-x8p9-z9ze-n7ac" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.1" } ], "aliases": [ "CVE-2018-0503", "GHSA-mhfv-9h99-jwg7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5d6t-am8p-3kab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93011?format=api", "vulnerability_id": "VCID-5djd-epmq-qbft", "summary": "Wikimedia MediaWiki through 1.32.1 allows CSRF.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12466", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38941", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38853", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12466.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12466.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12466", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12466" }, { "reference_url": "https://phabricator.wikimedia.org/T25227", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T25227" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jun/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jun/12" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4460", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4460" }, { "reference_url": "https://github.com/advisories/GHSA-27fw-r78j-h898", "reference_id": "GHSA-27fw-r78j-h898", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-27fw-r78j-h898" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/149609?format=api", "purl": "pkg:composer/mediawiki/core@1.27.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.27.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/149610?format=api", "purl": "pkg:composer/mediawiki/core@1.30.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.30.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/149611?format=api", "purl": "pkg:composer/mediawiki/core@1.31.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m1h-d3k7-wbd4" }, { "vulnerability": "VCID-77gx-zju5-d7af" }, { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-dsh9-aupc-6kce" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-p39b-8e53-tfgj" }, { "vulnerability": "VCID-q1rw-mxdb-gbe7" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-x8p9-z9ze-n7ac" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/149612?format=api", "purl": "pkg:composer/mediawiki/core@1.32.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m1h-d3k7-wbd4" }, { "vulnerability": "VCID-77gx-zju5-d7af" }, { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-dsh9-aupc-6kce" }, { "vulnerability": "VCID-er5f-3bhf-b7fy" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-p39b-8e53-tfgj" }, { "vulnerability": "VCID-q1rw-mxdb-gbe7" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-x8p9-z9ze-n7ac" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.32.2" } ], "aliases": [ "CVE-2019-12466", "GHSA-27fw-r78j-h898" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5djd-epmq-qbft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93014?format=api", "vulnerability_id": "VCID-6nt8-u5br-yqam", "summary": "MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12469", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35411", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35314", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12469.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12469.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12469", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12469" }, { "reference_url": "https://phabricator.wikimedia.org/T222036", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T222036" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jun/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jun/12" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4460", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4460" }, { "reference_url": "https://github.com/advisories/GHSA-x3fr-w7r5-x7rg", "reference_id": "GHSA-x3fr-w7r5-x7rg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-x3fr-w7r5-x7rg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/149609?format=api", "purl": "pkg:composer/mediawiki/core@1.27.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.27.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/149610?format=api", "purl": "pkg:composer/mediawiki/core@1.30.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.30.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/149611?format=api", "purl": "pkg:composer/mediawiki/core@1.31.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m1h-d3k7-wbd4" }, { "vulnerability": "VCID-77gx-zju5-d7af" }, { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-dsh9-aupc-6kce" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-p39b-8e53-tfgj" }, { "vulnerability": "VCID-q1rw-mxdb-gbe7" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-x8p9-z9ze-n7ac" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/149612?format=api", "purl": "pkg:composer/mediawiki/core@1.32.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m1h-d3k7-wbd4" }, { "vulnerability": "VCID-77gx-zju5-d7af" }, { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-dsh9-aupc-6kce" }, { "vulnerability": "VCID-er5f-3bhf-b7fy" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-p39b-8e53-tfgj" }, { "vulnerability": "VCID-q1rw-mxdb-gbe7" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-x8p9-z9ze-n7ac" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.32.2" } ], "aliases": [ "CVE-2019-12469", "GHSA-x3fr-w7r5-x7rg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6nt8-u5br-yqam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93016?format=api", "vulnerability_id": "VCID-7119-yrmu-2kb8", "summary": "Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12471", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57916", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57863", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12471.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12471.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12471", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12471" }, { "reference_url": "https://phabricator.wikimedia.org/T207603", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T207603" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jun/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jun/12" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4460", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4460" }, { "reference_url": "https://github.com/advisories/GHSA-2rm7-xxx8-35jh", "reference_id": "GHSA-2rm7-xxx8-35jh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2rm7-xxx8-35jh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/149609?format=api", "purl": "pkg:composer/mediawiki/core@1.27.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.27.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/149610?format=api", "purl": "pkg:composer/mediawiki/core@1.30.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.30.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/149611?format=api", "purl": "pkg:composer/mediawiki/core@1.31.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m1h-d3k7-wbd4" }, { "vulnerability": "VCID-77gx-zju5-d7af" }, { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-dsh9-aupc-6kce" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-p39b-8e53-tfgj" }, { "vulnerability": "VCID-q1rw-mxdb-gbe7" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-x8p9-z9ze-n7ac" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.2" } ], "aliases": [ "CVE-2019-12471", "GHSA-2rm7-xxx8-35jh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7119-yrmu-2kb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93015?format=api", "vulnerability_id": "VCID-77ck-3e5e-rkb9", "summary": "Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12470", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37316", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37224", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12470.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12470.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12470", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12470" }, { "reference_url": "https://phabricator.wikimedia.org/T222038", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T222038" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jun/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jun/12" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4460", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4460" }, { "reference_url": "https://github.com/advisories/GHSA-733q-m38x-q7cc", "reference_id": "GHSA-733q-m38x-q7cc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-733q-m38x-q7cc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/149609?format=api", "purl": "pkg:composer/mediawiki/core@1.27.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.27.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/149610?format=api", "purl": "pkg:composer/mediawiki/core@1.30.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.30.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/149611?format=api", "purl": "pkg:composer/mediawiki/core@1.31.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m1h-d3k7-wbd4" }, { "vulnerability": "VCID-77gx-zju5-d7af" }, { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-dsh9-aupc-6kce" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-p39b-8e53-tfgj" }, { "vulnerability": "VCID-q1rw-mxdb-gbe7" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-x8p9-z9ze-n7ac" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/149612?format=api", "purl": "pkg:composer/mediawiki/core@1.32.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m1h-d3k7-wbd4" }, { "vulnerability": "VCID-77gx-zju5-d7af" }, { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-dsh9-aupc-6kce" }, { "vulnerability": "VCID-er5f-3bhf-b7fy" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-p39b-8e53-tfgj" }, { "vulnerability": "VCID-q1rw-mxdb-gbe7" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-x8p9-z9ze-n7ac" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.32.2" } ], "aliases": [ "CVE-2019-12470", "GHSA-733q-m38x-q7cc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-77ck-3e5e-rkb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93022?format=api", "vulnerability_id": "VCID-7fnd-1drh-rfcq", "summary": "resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10959.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10959.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10959", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50944", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50882", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10959" }, { "reference_url": "https://gerrit.wikimedia.org/r/c/mediawiki/core/+/536725", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gerrit.wikimedia.org/r/c/mediawiki/core/+/536725" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-10959.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-10959.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://github.com/wikimedia/mediawiki/commit/d4a552e65bdfd7309a9b8537e9dbe69c5e2991eb", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki/commit/d4a552e65bdfd7309a9b8537e9dbe69c5e2991eb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10959", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10959" }, { "reference_url": "https://phabricator.wikimedia.org/T232932", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T232932" }, { "reference_url": "https://phabricator.wikimedia.org/T240393", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T240393" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826079", "reference_id": "1826079", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826079" }, { "reference_url": "https://github.com/advisories/GHSA-mqhw-wq8p-vf5r", "reference_id": "GHSA-mqhw-wq8p-vf5r", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mqhw-wq8p-vf5r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/152005?format=api", "purl": "pkg:composer/mediawiki/core@1.34.0-rc.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m1h-d3k7-wbd4" }, { "vulnerability": "VCID-dsh9-aupc-6kce" }, { "vulnerability": "VCID-er5f-3bhf-b7fy" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-p39b-8e53-tfgj" }, { "vulnerability": "VCID-q1rw-mxdb-gbe7" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-x8p9-z9ze-n7ac" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.34.0-rc.0" } ], "aliases": [ "CVE-2020-10959", "GHSA-mqhw-wq8p-vf5r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7fnd-1drh-rfcq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93024?format=api", "vulnerability_id": "VCID-7r42-v9vc-afcx", "summary": "In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15005.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15005.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15005", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.73204", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.73241", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828" }, { "reference_url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_31/RELEASE-NOTES-1.31", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_31/RELEASE-NOTES-1.31" }, { "reference_url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_33/RELEASE-NOTES-1.33", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_33/RELEASE-NOTES-1.33" }, { "reference_url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_34/RELEASE-NOTES-1.34", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_34/RELEASE-NOTES-1.34" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EEZIMLJMJS72SJXPYL736XMUAVCRQD2H", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EEZIMLJMJS72SJXPYL736XMUAVCRQD2H" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15005", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15005" }, { "reference_url": "https://phabricator.wikimedia.org/T248947", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T248947" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4767", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851026", "reference_id": "1851026", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851026" }, { "reference_url": "https://github.com/advisories/GHSA-xpv7-93cm-4mxv", "reference_id": "GHSA-xpv7-93cm-4mxv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xpv7-93cm-4mxv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/156108?format=api", "purl": "pkg:composer/mediawiki/core@1.31.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-dsh9-aupc-6kce" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-p39b-8e53-tfgj" }, { "vulnerability": "VCID-q1rw-mxdb-gbe7" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-x8p9-z9ze-n7ac" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/156109?format=api", "purl": "pkg:composer/mediawiki/core@1.33.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-dsh9-aupc-6kce" }, { "vulnerability": "VCID-er5f-3bhf-b7fy" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-p39b-8e53-tfgj" }, { "vulnerability": "VCID-q1rw-mxdb-gbe7" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-x8p9-z9ze-n7ac" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.33.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/156110?format=api", "purl": "pkg:composer/mediawiki/core@1.34.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dsh9-aupc-6kce" }, { "vulnerability": "VCID-du3q-drv8-hkc7" }, { "vulnerability": "VCID-er5f-3bhf-b7fy" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-p39b-8e53-tfgj" }, { "vulnerability": "VCID-q1rw-mxdb-gbe7" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-x8p9-z9ze-n7ac" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.34.2" } ], "aliases": [ "CVE-2020-15005", "GHSA-xpv7-93cm-4mxv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7r42-v9vc-afcx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93019?format=api", "vulnerability_id": "VCID-8te2-uyp7-c7b2", "summary": "Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12474", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.49211", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.49151", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12474" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12474.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12474.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12474", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12474" }, { "reference_url": "https://phabricator.wikimedia.org/T212118", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T212118" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jun/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jun/12" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4460", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4460" }, { "reference_url": "https://github.com/advisories/GHSA-2qrr-c2gh-pr35", "reference_id": "GHSA-2qrr-c2gh-pr35", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2qrr-c2gh-pr35" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/149609?format=api", "purl": "pkg:composer/mediawiki/core@1.27.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.27.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/149610?format=api", "purl": "pkg:composer/mediawiki/core@1.30.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.30.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/149611?format=api", "purl": "pkg:composer/mediawiki/core@1.31.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m1h-d3k7-wbd4" }, { "vulnerability": "VCID-77gx-zju5-d7af" }, { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-dsh9-aupc-6kce" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-p39b-8e53-tfgj" }, { "vulnerability": "VCID-q1rw-mxdb-gbe7" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-x8p9-z9ze-n7ac" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/149612?format=api", "purl": "pkg:composer/mediawiki/core@1.32.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m1h-d3k7-wbd4" }, { "vulnerability": "VCID-77gx-zju5-d7af" }, { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-dsh9-aupc-6kce" }, { "vulnerability": "VCID-er5f-3bhf-b7fy" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-p39b-8e53-tfgj" }, { "vulnerability": "VCID-q1rw-mxdb-gbe7" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-x8p9-z9ze-n7ac" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.32.2" } ], "aliases": [ "CVE-2019-12474", "GHSA-2qrr-c2gh-pr35" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8te2-uyp7-c7b2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43382?format=api", "vulnerability_id": "VCID-cdzw-fsu7-5ybt", "summary": "Mediawiki BotPassword can bypass CentralAuth's account lock\nMediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3142", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3142" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3238", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3238" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3813", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3813" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0505.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0505.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0505", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62784", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62739", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0505" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0503", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0503" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0504", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0504" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0505", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0505" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html" }, { "reference_url": "https://phabricator.wikimedia.org/T194605", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T194605" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4301", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4301" }, { "reference_url": "http://www.securitytracker.com/id/1041695", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1041695" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634166", "reference_id": "1634166", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634166" }, { "reference_url": "https://security.archlinux.org/ASA-201809-5", "reference_id": "ASA-201809-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201809-5" }, { "reference_url": "https://security.archlinux.org/AVG-765", "reference_id": "AVG-765", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-765" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0505", "reference_id": "CVE-2018-0505", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0505" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0505.yaml", "reference_id": "CVE-2018-0505.YAML", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0505.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-5c6w-f4w2-2grp", "reference_id": "GHSA-5c6w-f4w2-2grp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5c6w-f4w2-2grp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62189?format=api", "purl": "pkg:composer/mediawiki/core@1.27.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-41fp-ar4e-muam" }, { "vulnerability": "VCID-5djd-epmq-qbft" }, { "vulnerability": "VCID-6nt8-u5br-yqam" }, { "vulnerability": "VCID-7119-yrmu-2kb8" }, { "vulnerability": "VCID-77ck-3e5e-rkb9" }, { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-8te2-uyp7-c7b2" }, { "vulnerability": "VCID-e3pm-2tfy-qkaa" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-rm5w-m3u5-s3en" }, { "vulnerability": "VCID-wn7c-cwg4-rke1" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.27.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/62190?format=api", "purl": "pkg:composer/mediawiki/core@1.29.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.29.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/62191?format=api", "purl": "pkg:composer/mediawiki/core@1.30.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-41fp-ar4e-muam" }, { "vulnerability": "VCID-5djd-epmq-qbft" }, { "vulnerability": "VCID-6nt8-u5br-yqam" }, { "vulnerability": "VCID-7119-yrmu-2kb8" }, { "vulnerability": "VCID-77ck-3e5e-rkb9" }, { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-8te2-uyp7-c7b2" }, { "vulnerability": "VCID-e3pm-2tfy-qkaa" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-rm5w-m3u5-s3en" }, { "vulnerability": "VCID-wn7c-cwg4-rke1" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.30.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/62192?format=api", "purl": "pkg:composer/mediawiki/core@1.31.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-41fp-ar4e-muam" }, { "vulnerability": "VCID-5djd-epmq-qbft" }, { "vulnerability": "VCID-5m1h-d3k7-wbd4" }, { "vulnerability": "VCID-6nt8-u5br-yqam" }, { "vulnerability": "VCID-7119-yrmu-2kb8" }, { "vulnerability": "VCID-77ck-3e5e-rkb9" }, { "vulnerability": "VCID-77gx-zju5-d7af" }, { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-8te2-uyp7-c7b2" }, { "vulnerability": "VCID-dsh9-aupc-6kce" }, { "vulnerability": "VCID-e3pm-2tfy-qkaa" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-p39b-8e53-tfgj" }, { "vulnerability": "VCID-q1rw-mxdb-gbe7" }, { "vulnerability": "VCID-rm5w-m3u5-s3en" }, { "vulnerability": "VCID-wn7c-cwg4-rke1" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-x8p9-z9ze-n7ac" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.1" } ], "aliases": [ "CVE-2018-0505", "GHSA-5c6w-f4w2-2grp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cdzw-fsu7-5ybt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43547?format=api", "vulnerability_id": "VCID-dqvd-5d51-sbge", "summary": "Mediawiki information disclosure vulnerability\nMediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3238", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3238" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3813", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3813" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0504.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0504.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0504", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.81641", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.81672", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0504" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0503", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0503" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0504", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0504" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0505", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0505" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html" }, { "reference_url": "https://phabricator.wikimedia.org/T187638", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T187638" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4301", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4301" }, { "reference_url": "http://www.securitytracker.com/id/1041695", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1041695" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634168", "reference_id": "1634168", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634168" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0504", "reference_id": "CVE-2018-0504", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0504" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0504.yaml", "reference_id": "CVE-2018-0504.YAML", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0504.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-hr8v-f4g2-p66f", "reference_id": "GHSA-hr8v-f4g2-p66f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hr8v-f4g2-p66f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62189?format=api", "purl": "pkg:composer/mediawiki/core@1.27.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-41fp-ar4e-muam" }, { "vulnerability": "VCID-5djd-epmq-qbft" }, { "vulnerability": "VCID-6nt8-u5br-yqam" }, { "vulnerability": "VCID-7119-yrmu-2kb8" }, { "vulnerability": "VCID-77ck-3e5e-rkb9" }, { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-8te2-uyp7-c7b2" }, { "vulnerability": "VCID-e3pm-2tfy-qkaa" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-rm5w-m3u5-s3en" }, { "vulnerability": "VCID-wn7c-cwg4-rke1" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.27.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/62190?format=api", "purl": "pkg:composer/mediawiki/core@1.29.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.29.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/62191?format=api", "purl": "pkg:composer/mediawiki/core@1.30.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-41fp-ar4e-muam" }, { "vulnerability": "VCID-5djd-epmq-qbft" }, { "vulnerability": "VCID-6nt8-u5br-yqam" }, { "vulnerability": "VCID-7119-yrmu-2kb8" }, { "vulnerability": "VCID-77ck-3e5e-rkb9" }, { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-8te2-uyp7-c7b2" }, { "vulnerability": "VCID-e3pm-2tfy-qkaa" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-rm5w-m3u5-s3en" }, { "vulnerability": "VCID-wn7c-cwg4-rke1" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.30.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/62192?format=api", "purl": "pkg:composer/mediawiki/core@1.31.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-41fp-ar4e-muam" }, { "vulnerability": "VCID-5djd-epmq-qbft" }, { "vulnerability": "VCID-5m1h-d3k7-wbd4" }, { "vulnerability": "VCID-6nt8-u5br-yqam" }, { "vulnerability": "VCID-7119-yrmu-2kb8" }, { "vulnerability": "VCID-77ck-3e5e-rkb9" }, { "vulnerability": "VCID-77gx-zju5-d7af" }, { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-8te2-uyp7-c7b2" }, { "vulnerability": "VCID-dsh9-aupc-6kce" }, { "vulnerability": "VCID-e3pm-2tfy-qkaa" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-p39b-8e53-tfgj" }, { "vulnerability": "VCID-q1rw-mxdb-gbe7" }, { "vulnerability": "VCID-rm5w-m3u5-s3en" }, { "vulnerability": "VCID-wn7c-cwg4-rke1" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-x8p9-z9ze-n7ac" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.1" } ], "aliases": [ "CVE-2018-0504", "GHSA-hr8v-f4g2-p66f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dqvd-5d51-sbge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93017?format=api", "vulnerability_id": "VCID-e3pm-2tfy-qkaa", "summary": "An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12472", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35557", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35461", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12472.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12472.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12472", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12472" }, { "reference_url": "https://phabricator.wikimedia.org/T199540", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T199540" }, { "reference_url": "https://github.com/advisories/GHSA-7mqg-5fgh-xh4r", "reference_id": "GHSA-7mqg-5fgh-xh4r", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7mqg-5fgh-xh4r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/149609?format=api", "purl": "pkg:composer/mediawiki/core@1.27.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.27.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/149610?format=api", "purl": "pkg:composer/mediawiki/core@1.30.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.30.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/149611?format=api", "purl": "pkg:composer/mediawiki/core@1.31.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m1h-d3k7-wbd4" }, { "vulnerability": "VCID-77gx-zju5-d7af" }, { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-dsh9-aupc-6kce" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-p39b-8e53-tfgj" }, { "vulnerability": "VCID-q1rw-mxdb-gbe7" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-x8p9-z9ze-n7ac" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/149612?format=api", "purl": "pkg:composer/mediawiki/core@1.32.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m1h-d3k7-wbd4" }, { "vulnerability": "VCID-77gx-zju5-d7af" }, { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-dsh9-aupc-6kce" }, { "vulnerability": "VCID-er5f-3bhf-b7fy" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-p39b-8e53-tfgj" }, { "vulnerability": "VCID-q1rw-mxdb-gbe7" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-x8p9-z9ze-n7ac" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.32.2" } ], "aliases": [ "CVE-2019-12472", "GHSA-7mqg-5fgh-xh4r" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e3pm-2tfy-qkaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46170?format=api", "vulnerability_id": "VCID-najx-n63u-tqf5", "summary": "MediaWiki Denial of Service vulnerability\nAn issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45363", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93584", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45363" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://github.com/wikimedia/mediawiki/commit/24c3ef2474c6daa20ed48168d46196a55346dfd8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki/commit/24c3ef2474c6daa20ed48168d46196a55346dfd8" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html" }, { "reference_url": "https://phabricator.wikimedia.org/T333050", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/" } ], "url": "https://phabricator.wikimedia.org/T333050" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5520", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5520" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45363", "reference_id": "CVE-2023-45363", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45363" }, { "reference_url": "https://github.com/advisories/GHSA-w5fx-cx7f-6vr9", "reference_id": "GHSA-w5fx-cx7f-6vr9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-w5fx-cx7f-6vr9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67234?format=api", "purl": "pkg:composer/mediawiki/core@1.35.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.35.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/67235?format=api", "purl": "pkg:composer/mediawiki/core@1.39.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.39.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/67236?format=api", "purl": "pkg:composer/mediawiki/core@1.40.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.40.1" } ], "aliases": [ "CVE-2023-45363", "GHSA-w5fx-cx7f-6vr9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-najx-n63u-tqf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93013?format=api", "vulnerability_id": "VCID-rm5w-m3u5-s3en", "summary": "An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12468", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00509", "scoring_system": "epss", "scoring_elements": "0.66727", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00509", "scoring_system": "epss", "scoring_elements": "0.66686", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12468.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12468.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.wikimedia.org/pipermail/mediawiki-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12468", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12468" }, { "reference_url": "https://phabricator.wikimedia.org/T197279", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T197279" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jun/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jun/12" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4460", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4460" }, { "reference_url": "https://github.com/advisories/GHSA-wrhx-3pxr-6vgg", "reference_id": "GHSA-wrhx-3pxr-6vgg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wrhx-3pxr-6vgg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/149609?format=api", "purl": "pkg:composer/mediawiki/core@1.27.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.27.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/149610?format=api", "purl": "pkg:composer/mediawiki/core@1.30.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.30.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/149611?format=api", "purl": "pkg:composer/mediawiki/core@1.31.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m1h-d3k7-wbd4" }, { "vulnerability": "VCID-77gx-zju5-d7af" }, { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-dsh9-aupc-6kce" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-p39b-8e53-tfgj" }, { "vulnerability": "VCID-q1rw-mxdb-gbe7" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-x8p9-z9ze-n7ac" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/149612?format=api", "purl": "pkg:composer/mediawiki/core@1.32.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m1h-d3k7-wbd4" }, { "vulnerability": "VCID-77gx-zju5-d7af" }, { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-dsh9-aupc-6kce" }, { "vulnerability": "VCID-er5f-3bhf-b7fy" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-p39b-8e53-tfgj" }, { "vulnerability": "VCID-q1rw-mxdb-gbe7" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-x8p9-z9ze-n7ac" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.32.2" } ], "aliases": [ "CVE-2019-12468", "GHSA-wrhx-3pxr-6vgg" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rm5w-m3u5-s3en" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93018?format=api", "vulnerability_id": "VCID-wn7c-cwg4-rke1", "summary": "Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12473", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0046", "scoring_system": "epss", "scoring_elements": "0.64507", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0046", "scoring_system": "epss", "scoring_elements": "0.64463", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12474" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12473.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12473.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12473", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12473" }, { "reference_url": "https://phabricator.wikimedia.org/T204729", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T204729" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jun/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jun/12" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4460", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4460" }, { "reference_url": "https://github.com/advisories/GHSA-33xw-x3pr-rvqj", "reference_id": "GHSA-33xw-x3pr-rvqj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-33xw-x3pr-rvqj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/149609?format=api", "purl": "pkg:composer/mediawiki/core@1.27.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.27.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/149610?format=api", "purl": "pkg:composer/mediawiki/core@1.30.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.30.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/149611?format=api", "purl": "pkg:composer/mediawiki/core@1.31.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m1h-d3k7-wbd4" }, { "vulnerability": "VCID-77gx-zju5-d7af" }, { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-dsh9-aupc-6kce" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-p39b-8e53-tfgj" }, { "vulnerability": "VCID-q1rw-mxdb-gbe7" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-x8p9-z9ze-n7ac" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/149612?format=api", "purl": "pkg:composer/mediawiki/core@1.32.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m1h-d3k7-wbd4" }, { "vulnerability": "VCID-77gx-zju5-d7af" }, { "vulnerability": "VCID-7fnd-1drh-rfcq" }, { "vulnerability": "VCID-7r42-v9vc-afcx" }, { "vulnerability": "VCID-dsh9-aupc-6kce" }, { "vulnerability": "VCID-er5f-3bhf-b7fy" }, { "vulnerability": "VCID-najx-n63u-tqf5" }, { "vulnerability": "VCID-p39b-8e53-tfgj" }, { "vulnerability": "VCID-q1rw-mxdb-gbe7" }, { "vulnerability": "VCID-wte4-8b73-p3hw" }, { "vulnerability": "VCID-x8p9-z9ze-n7ac" }, { "vulnerability": "VCID-xxzh-tyxs-6ugj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.32.2" } ], "aliases": [ "CVE-2019-12473", "GHSA-33xw-x3pr-rvqj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wn7c-cwg4-rke1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44814?format=api", "vulnerability_id": "VCID-wte4-8b73-p3hw", "summary": "X-Forwarded-For header allows brute-forcing autoblocked IP addresses\nAn issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29141.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29141.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29141", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52881", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29141" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675" }, { "reference_url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/" } ], "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7" }, { "reference_url": "https://phabricator.wikimedia.org/T285159", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/" } ], "url": "https://phabricator.wikimedia.org/T285159" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5447", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5447" }, { "reference_url": "https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10" }, { "reference_url": "https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6" }, { "reference_url": "https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2183627", "reference_id": "2183627", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2183627" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29141", "reference_id": "CVE-2023-29141", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29141" }, { "reference_url": "https://github.com/advisories/GHSA-5vj8-g3qg-4qh6", "reference_id": "GHSA-5vj8-g3qg-4qh6", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5vj8-g3qg-4qh6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/", "reference_id": "ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/", "reference_id": "ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64484?format=api", "purl": "pkg:composer/mediawiki/core@1.35.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-najx-n63u-tqf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.35.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/64483?format=api", "purl": "pkg:composer/mediawiki/core@1.38.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-najx-n63u-tqf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.38.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/64482?format=api", "purl": "pkg:composer/mediawiki/core@1.39.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-najx-n63u-tqf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.39.3" } ], "aliases": [ "CVE-2023-29141", "GHSA-5vj8-g3qg-4qh6" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wte4-8b73-p3hw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7082?format=api", "vulnerability_id": "VCID-xxzh-tyxs-6ugj", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41800.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41800.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41800", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.7216", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.72201", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801" }, { "reference_url": "https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/" }, { "reference_url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5" }, { "reference_url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41800", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41800" }, { "reference_url": "https://phabricator.wikimedia.org/T284419", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T284419" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202305-24" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009517", "reference_id": "2009517", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009517" }, { "reference_url": "https://security.archlinux.org/AVG-2434", "reference_id": "AVG-2434", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2434" }, { "reference_url": "https://github.com/advisories/GHSA-c8wv-qwwc-6j73", "reference_id": "GHSA-c8wv-qwwc-6j73", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c8wv-qwwc-6j73" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/154156?format=api", "purl": "pkg:composer/mediawiki/core@1.36.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-najx-n63u-tqf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.36.2" } ], "aliases": [ "CVE-2021-41800", "GHSA-c8wv-qwwc-6j73" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xxzh-tyxs-6ugj" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.27.1" }