VulnerableCode Package Details - pkg:composer/mediawiki/core@1.38.6

Search for packages

Vulnerability	Summary	Fixed by
VCID-jm7q-2w3j-buhh Aliases: CVE-2023-45363 GHSA-w5fx-cx7f-6vr9	MediaWiki Denial of Service vulnerability An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.	1.39.5 Affected by 0 other vulnerabilities. 1.40.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-jm7q-2w3j-buhh
Aliases:
CVE-2023-45363
GHSA-w5fx-cx7f-6vr9

MediaWiki Denial of Service vulnerability An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.

1.39.5
Affected by 0 other vulnerabilities.

1.40.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-7eba-7gsc-hbfg	X-Forwarded-For header allows brute-forcing autoblocked IP addresses An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.	CVE-2023-29141 GHSA-5vj8-g3qg-4qh6

Vulnerability

Summary

Aliases

VCID-7eba-7gsc-hbfg

X-Forwarded-For header allows brute-forcing autoblocked IP addresses An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.

CVE-2023-29141
GHSA-5vj8-g3qg-4qh6

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:40:13.655806+00:00	GitLab Importer	Affected by	VCID-jm7q-2w3j-buhh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-45363.yml	38.4.0
2026-04-16T22:26:02.378523+00:00	GitLab Importer	Fixing	VCID-7eba-7gsc-hbfg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-29141.yml	38.4.0
2026-04-11T23:59:40.829600+00:00	GitLab Importer	Affected by	VCID-jm7q-2w3j-buhh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-45363.yml	38.3.0
2026-04-11T23:44:18.452160+00:00	GitLab Importer	Fixing	VCID-7eba-7gsc-hbfg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-29141.yml	38.3.0
2026-04-03T00:02:44.492052+00:00	GitLab Importer	Affected by	VCID-jm7q-2w3j-buhh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-45363.yml	38.1.0
2026-04-02T23:47:57.043675+00:00	GitLab Importer	Fixing	VCID-7eba-7gsc-hbfg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-29141.yml	38.1.0
2026-04-02T16:59:15.193889+00:00	GHSA Importer	Fixing	VCID-7eba-7gsc-hbfg	https://github.com/advisories/GHSA-5vj8-g3qg-4qh6	38.1.0
2026-04-01T12:58:43.563459+00:00	GithubOSV Importer	Fixing	VCID-7eba-7gsc-hbfg	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-5vj8-g3qg-4qh6/GHSA-5vj8-g3qg-4qh6.json	38.0.0
2026-04-01T12:51:05.501188+00:00	GitLab Importer	Fixing	VCID-7eba-7gsc-hbfg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-29141.yml	38.0.0