Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/mediawiki/core@1.38.6

Type composer

Namespace mediawiki

Name core

Version 1.38.6

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1.39.3

Latest_non_vulnerable_version 1.40.1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-wte4-8b73-p3hw

vulnerability_id VCID-wte4-8b73-p3hw

summary

X-Forwarded-For header allows brute-forcing autoblocked IP addresses
An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.

references

reference_url	https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39
reference_id
reference_type
scores
url	https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39

reference_url	https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
url	https://github.com/wikimedia/mediawiki

reference_url	https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7

reference_url	https://phabricator.wikimedia.org/T285159
reference_id
reference_type
scores
url	https://phabricator.wikimedia.org/T285159

reference_url	https://www.debian.org/security/2023/dsa-5447
reference_id
reference_type
scores
url	https://www.debian.org/security/2023/dsa-5447

reference_url	https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10
reference_id
reference_type
scores
url	https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10

reference_url	https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6
reference_id
reference_type
scores
url	https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6

reference_url	https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3
reference_id
reference_type
scores
url	https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-29141
reference_id	CVE-2023-29141
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-29141

reference_url	https://github.com/advisories/GHSA-5vj8-g3qg-4qh6
reference_id	GHSA-5vj8-g3qg-4qh6
reference_type
scores
url	https://github.com/advisories/GHSA-5vj8-g3qg-4qh6

fixed_packages

url	pkg:composer/mediawiki/core@1.35.10
purl	pkg:composer/mediawiki/core@1.35.10
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.35.10

url	pkg:composer/mediawiki/core@1.38.6
purl	pkg:composer/mediawiki/core@1.38.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.38.6

url	pkg:composer/mediawiki/core@1.39.3
purl	pkg:composer/mediawiki/core@1.39.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.39.3

aliases CVE-2023-29141, GHSA-5vj8-g3qg-4qh6

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wte4-8b73-p3hw

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.38.6

Package Instance