VulnerableCode Package Details - pkg:deb/debian/mediawiki@1:1.39.4-1~deb12u1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-7eba-7gsc-hbfg	X-Forwarded-For header allows brute-forcing autoblocked IP addresses An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.	CVE-2023-29141 GHSA-5vj8-g3qg-4qh6
VCID-9g1g-z7d8-c7ah	Regular Expression Denial of Service in papaparse Versions of `papaparse` prior to 5.2.0 are vulnerable to Regular Expression Denial of Service (ReDos). The `parse` function contains a malformed regular expression that takes exponentially longer to process non-numerical inputs. This allows attackers to stall systems and lead to Denial of Service. ## Recommendation Upgrade to version 5.2.0 or later.	CVE-2020-36649 GHSA-qvjc-g5vr-mfgr GMS-2020-421
VCID-b8r6-r39r-3ffm	MediaWiki: Manualthumb bypasses badFile lookup	CVE-2023-36674
VCID-ruur-4cvx-cqct	mediawiki: cross site scripting	CVE-2023-36675

Vulnerability

Summary

Aliases

VCID-7eba-7gsc-hbfg

X-Forwarded-For header allows brute-forcing autoblocked IP addresses An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.

CVE-2023-29141
GHSA-5vj8-g3qg-4qh6

VCID-9g1g-z7d8-c7ah

Regular Expression Denial of Service in papaparse Versions of `papaparse` prior to 5.2.0 are vulnerable to Regular Expression Denial of Service (ReDos). The `parse` function contains a malformed regular expression that takes exponentially longer to process non-numerical inputs. This allows attackers to stall systems and lead to Denial of Service. ## Recommendation Upgrade to version 5.2.0 or later.

CVE-2020-36649
GHSA-qvjc-g5vr-mfgr
GMS-2020-421

VCID-b8r6-r39r-3ffm

MediaWiki: Manualthumb bypasses badFile lookup

CVE-2023-36674

VCID-ruur-4cvx-cqct

mediawiki: cross site scripting

CVE-2023-36675

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T10:01:06.110243+00:00	Debian Importer	Fixing	VCID-b8r6-r39r-3ffm	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:55:39.606923+00:00	Debian Importer	Fixing	VCID-7eba-7gsc-hbfg	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:07:58.777254+00:00	Debian Importer	Fixing	VCID-9g1g-z7d8-c7ah	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:52:36.292088+00:00	Debian Importer	Fixing	VCID-ruur-4cvx-cqct	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-12T18:14:30.582108+00:00	Debian Importer	Fixing	VCID-b8r6-r39r-3ffm	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-12T18:14:30.452130+00:00	Debian Importer	Fixing	VCID-7eba-7gsc-hbfg	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:07:01.402610+00:00	Debian Importer	Fixing	VCID-9g1g-z7d8-c7ah	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:57:30.882728+00:00	Debian Importer	Fixing	VCID-ruur-4cvx-cqct	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:45:51.305731+00:00	Debian Importer	Fixing	VCID-ruur-4cvx-cqct	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:45:51.244423+00:00	Debian Importer	Fixing	VCID-b8r6-r39r-3ffm	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:45:51.117911+00:00	Debian Importer	Fixing	VCID-7eba-7gsc-hbfg	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:45:49.067024+00:00	Debian Importer	Fixing	VCID-9g1g-z7d8-c7ah	https://security-tracker.debian.org/tracker/data/json	38.1.0