VulnerableCode Package Details - pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@16.10.16

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@16.10.16

purl	pkg:maven/org.xwiki.platform/xwiki-platform-oldcore@16.10.16

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-zha9-bprb-6ucp	XWiki's REST APIs can list all pages/spaces, leading to unavailability ### Impact REST API endpoints like `/xwiki/rest/wikis/xwiki/spaces/AnnotationCode/pages/AnnotationConfig/objects/AnnotationCode.AnnotationConfig/0/properties` list all available pages as part of the metadata for database list properties, which can exhaust available resources on large wikis. ### Patches This problem has been patched by applying the configured query limit also to the available values for database list properties in XWiki 16.10.16, 17.4.8 and 17.10.1. ### Workarounds We're not aware of any workarounds apart from upgrading the affected modules.	CVE-2026-40104 GHSA-mrqg-xmgm-rc5g

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T07:45:59.113544+00:00	GHSA Importer	Fixing	VCID-zha9-bprb-6ucp	https://github.com/advisories/GHSA-mrqg-xmgm-rc5g	38.4.0
2026-04-15T12:48:25.062846+00:00	GithubOSV Importer	Fixing	VCID-zha9-bprb-6ucp	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-mrqg-xmgm-rc5g/GHSA-mrqg-xmgm-rc5g.json	38.4.0