VulnerableCode Package Details - pkg:alpm/archlinux/mediawiki@1.35.1-2

Search for packages

Vulnerability	Summary	Fixed by
VCID-1na8-nyq1-yfcy Aliases: CVE-2021-20270 GHSA-9w8r-397f-prfh PYSEC-2021-140	An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.	1.35.2-1 Affected by 0 other vulnerabilities.
VCID-32f4-khen-3yez Aliases: CVE-2021-30159	Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in a Denial of Service condition.	1.35.2-1 Affected by 0 other vulnerabilities.
VCID-6ads-gs3n-dubh Aliases: CVE-2021-30458 GHSA-5pqx-77vf-85rw	Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in a Denial of Service condition.	1.35.2-1 Affected by 0 other vulnerabilities.
VCID-7m3q-wuh7-k7fn Aliases: CVE-2021-30154	Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in a Denial of Service condition.	1.35.2-1 Affected by 0 other vulnerabilities.
VCID-8sqw-6aae-13f5 Aliases: CVE-2021-30157	Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in a Denial of Service condition.	1.35.2-1 Affected by 0 other vulnerabilities.
VCID-ad34-frk5-kqds Aliases: CVE-2021-30158	Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in a Denial of Service condition.	1.35.2-1 Affected by 0 other vulnerabilities.
VCID-brg4-rv29-1fgz Aliases: CVE-2021-27291 GHSA-pq64-v7f5-gqh8 PYSEC-2021-141	In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.	1.35.2-1 Affected by 0 other vulnerabilities.
VCID-fnzm-dxb3-v7hr Aliases: CVE-2021-30153	An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. . When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. (It shouldn't because they are hidden.) This is related to ApiVisualEditor.	1.35.2-1 Affected by 0 other vulnerabilities.
VCID-htw4-yeam-p3ca Aliases: CVE-2021-30156	mediawiki: Special: Contributions toolbar reveals existence of hidden users	There are no reported fixed by versions.
VCID-k1f5-msra-4kam Aliases: CVE-2021-30155	Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in a Denial of Service condition.	1.35.2-1 Affected by 0 other vulnerabilities.
VCID-rwtk-hep1-xfaw Aliases: CVE-2021-30152	Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in a Denial of Service condition.	1.35.2-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-1na8-nyq1-yfcy
Aliases:
CVE-2021-20270
GHSA-9w8r-397f-prfh
PYSEC-2021-140

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.