Search for packages
| purl | pkg:composer/mediawiki/core@1.29.3 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-7eba-7gsc-hbfg
Aliases: CVE-2023-29141 GHSA-5vj8-g3qg-4qh6 |
X-Forwarded-For header allows brute-forcing autoblocked IP addresses An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-9qyu-z71g-1qbq
Aliases: CVE-2020-10959 GHSA-mqhw-wq8p-vf5r |
MediaWiki Open Redirect vulnerability resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.34.0-rc.0 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page. |
Affected by 9 other vulnerabilities. |
|
VCID-jm7q-2w3j-buhh
Aliases: CVE-2023-45363 GHSA-w5fx-cx7f-6vr9 |
MediaWiki Denial of Service vulnerability An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-z9d9-aer5-gfa9
Aliases: CVE-2021-41800 GHSA-c8wv-qwwc-6j73 |
Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service. |
Affected by 1 other vulnerability. |
|
VCID-zgdf-mxfn-gbea
Aliases: CVE-2020-15005 GHSA-xpv7-93cm-4mxv |
img_auth.php may leak private extension images into the public cache In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled. |
Affected by 8 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 9 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-sf61-byhw-17gv | Mediawiki Improper Privilege Management Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'. |
CVE-2018-0503
GHSA-mhfv-9h99-jwg7 |
| VCID-v27j-4pnt-n7h9 | Mediawiki BotPassword can bypass CentralAuth's account lock Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock |
CVE-2018-0505
GHSA-5c6w-f4w2-2grp |
| VCID-w3f8-nrqd-p7gq | Mediawiki information disclosure vulnerability Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid |
CVE-2018-0504
GHSA-hr8v-f4g2-p66f |