Package details: pkg:composer/wallabag/wallabag@2.5.4
purl pkg:composer/wallabag/wallabag@2.5.4
Next non-vulnerable version 2.6.0
Latest non-vulnerable version 2.6.7
Risk
Vulnerabilities affecting this package (1)
Vulnerability: VCID-8rup-9gj7-uke1
Aliases: CVE-2023-3566
Summary: Allocation of Resources Without Limits or Throttling. A vulnerability was found in wallabag 2.5.4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /config of the component Profile Config. The manipulation of the argument Name leads to allocation of resources. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-233359. NOTE: The vendor was contacted early about this disclosure but does not respond in any way.
Fixed by: 2.6.0. Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (3)
Vulnerability: VCID-5xuy-kdxd-33fx
Summary: Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4.
Aliases: CVE-2023-0735, GHSA-2qxp-xmx6-cq4f

Vulnerability: VCID-6hrv-kkmz-jkbj
Summary: Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.4.
Aliases: CVE-2023-0734, GHSA-8ccw-f83g-v7g3

Vulnerability: VCID-nemp-yp8g-hufd
Summary: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Cross-site Scripting (XSS) - Stored in GitHub repository wallabag/wallabag prior to 2.5.4.
Aliases: CVE-2023-0736, GHSA-3x2c-87cq-qx49