Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/300578?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/300578?format=api", "purl": "pkg:composer/mediawiki/core@1.29.2", "type": "composer", "namespace": "mediawiki", "name": "core", "version": "1.29.2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.35.12", "latest_non_vulnerable_version": "1.40.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17014?format=api", "vulnerability_id": "VCID-7eba-7gsc-hbfg", "summary": "X-Forwarded-For header allows brute-forcing autoblocked IP addresses\nAn issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29141.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29141.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29141", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48455", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48448", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48401", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48509", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48459", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48447", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48473", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48449", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48426", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52518", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52609", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52555", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52545", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52594", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29141" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29141" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36674" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675" }, { "reference_url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/" } ], "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7" }, { "reference_url": "https://phabricator.wikimedia.org/T285159", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/" } ], "url": "https://phabricator.wikimedia.org/T285159" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5447", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5447" }, { "reference_url": "https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10" }, { "reference_url": "https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6" }, { "reference_url": "https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2183627", "reference_id": "2183627", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2183627" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29141", "reference_id": "CVE-2023-29141", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29141" }, { "reference_url": "https://github.com/advisories/GHSA-5vj8-g3qg-4qh6", "reference_id": "GHSA-5vj8-g3qg-4qh6", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5vj8-g3qg-4qh6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/", "reference_id": "ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/", "reference_id": "ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-18T16:02:10Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56710?format=api", "purl": "pkg:composer/mediawiki/core@1.35.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jm7q-2w3j-buhh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.35.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/56709?format=api", "purl": "pkg:composer/mediawiki/core@1.38.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jm7q-2w3j-buhh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.38.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/56708?format=api", "purl": "pkg:composer/mediawiki/core@1.39.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jm7q-2w3j-buhh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.39.3" } ], "aliases": [ "CVE-2023-29141", "GHSA-5vj8-g3qg-4qh6" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7eba-7gsc-hbfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55279?format=api", "vulnerability_id": "VCID-9qyu-z71g-1qbq", "summary": "MediaWiki Open Redirect vulnerability\nresources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.34.0-rc.0 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10959.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10959.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10959", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.5065", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50622", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50675", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50701", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50657", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50712", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50708", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.5075", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50727", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50752", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50757", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50738", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50687", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50695", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10959" }, { "reference_url": "https://gerrit.wikimedia.org/r/c/mediawiki/core/+/536725", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gerrit.wikimedia.org/r/c/mediawiki/core/+/536725" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-10959.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-10959.yaml" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://github.com/wikimedia/mediawiki/commit/d4a552e65bdfd7309a9b8537e9dbe69c5e2991eb", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki/commit/d4a552e65bdfd7309a9b8537e9dbe69c5e2991eb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10959", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10959" }, { "reference_url": "https://phabricator.wikimedia.org/T232932", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T232932" }, { "reference_url": "https://phabricator.wikimedia.org/T240393", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T240393" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826079", "reference_id": "1826079", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826079" }, { "reference_url": "https://github.com/advisories/GHSA-mqhw-wq8p-vf5r", "reference_id": "GHSA-mqhw-wq8p-vf5r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mqhw-wq8p-vf5r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82439?format=api", "purl": "pkg:composer/mediawiki/core@1.34.0-rc.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-4keq-jcfa-13hc" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.34.0-rc.0" } ], "aliases": [ "CVE-2020-10959", "GHSA-mqhw-wq8p-vf5r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9qyu-z71g-1qbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19329?format=api", "vulnerability_id": "VCID-jm7q-2w3j-buhh", "summary": "MediaWiki Denial of Service vulnerability\nAn issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45363", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93424", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93463", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93467", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93415", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93464", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93458", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93452", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93433", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93432", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93427", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11025", "scoring_system": "epss", "scoring_elements": "0.93407", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45363" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://github.com/wikimedia/mediawiki/commit/24c3ef2474c6daa20ed48168d46196a55346dfd8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki/commit/24c3ef2474c6daa20ed48168d46196a55346dfd8" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html" }, { "reference_url": "https://phabricator.wikimedia.org/T333050", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/" } ], "url": "https://phabricator.wikimedia.org/T333050" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5520", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5520" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45363", "reference_id": "CVE-2023-45363", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45363" }, { "reference_url": "https://github.com/advisories/GHSA-w5fx-cx7f-6vr9", "reference_id": "GHSA-w5fx-cx7f-6vr9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w5fx-cx7f-6vr9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60391?format=api", "purl": "pkg:composer/mediawiki/core@1.35.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.35.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/60392?format=api", "purl": "pkg:composer/mediawiki/core@1.39.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.39.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/60393?format=api", "purl": "pkg:composer/mediawiki/core@1.40.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.40.1" } ], "aliases": [ "CVE-2023-45363", "GHSA-w5fx-cx7f-6vr9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jm7q-2w3j-buhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14728?format=api", "vulnerability_id": "VCID-sf61-byhw-17gv", "summary": "Mediawiki Improper Privilege Management\nMediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3142", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3142" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3238", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3238" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3813", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3813" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0503.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0503.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0503", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.5956", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59608", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59621", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59601", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59631", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59647", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59493", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59611", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59566", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59591", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.5964", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59607", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59627", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59643", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59624", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0503" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0503", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0503" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0504", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0504" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0505", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0505" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html" }, { "reference_url": "https://phabricator.wikimedia.org/T169545", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T169545" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4301", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4301" }, { "reference_url": "http://www.securitytracker.com/id/1041695", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1041695" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634161", "reference_id": "1634161", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634161" }, { "reference_url": "https://security.archlinux.org/ASA-201809-5", "reference_id": "ASA-201809-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201809-5" }, { "reference_url": "https://security.archlinux.org/AVG-765", "reference_id": "AVG-765", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-765" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0503", "reference_id": "CVE-2018-0503", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0503" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0503.yaml", "reference_id": "CVE-2018-0503.YAML", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0503.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-mhfv-9h99-jwg7", "reference_id": "GHSA-mhfv-9h99-jwg7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mhfv-9h99-jwg7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50915?format=api", "purl": "pkg:composer/mediawiki/core@1.29.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-9qyu-z71g-1qbq" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.29.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/50916?format=api", "purl": "pkg:composer/mediawiki/core@1.30.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1697-p35n-fber" }, { "vulnerability": "VCID-1866-gt2g-1qfv" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-9qyu-z71g-1qbq" }, { "vulnerability": "VCID-bbef-akjp-a3gp" }, { "vulnerability": "VCID-gma6-b9cy-kqee" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-kjp3-cs2f-t7b4" }, { "vulnerability": "VCID-qmx3-kcnd-zuhe" }, { "vulnerability": "VCID-tq2e-c9ym-a3hj" }, { "vulnerability": "VCID-u2xc-ztge-p3bv" }, { "vulnerability": "VCID-yr8d-347g-pugg" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.30.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/50917?format=api", "purl": "pkg:composer/mediawiki/core@1.31.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1697-p35n-fber" }, { "vulnerability": "VCID-1866-gt2g-1qfv" }, { "vulnerability": "VCID-4keq-jcfa-13hc" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-9qyu-z71g-1qbq" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-bbef-akjp-a3gp" }, { "vulnerability": "VCID-gma6-b9cy-kqee" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-kjp3-cs2f-t7b4" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-qmx3-kcnd-zuhe" }, { "vulnerability": "VCID-t6w8-cgct-gbgz" }, { "vulnerability": "VCID-tq2e-c9ym-a3hj" }, { "vulnerability": "VCID-u2xc-ztge-p3bv" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-yr8d-347g-pugg" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.1" } ], "aliases": [ "CVE-2018-0503", "GHSA-mhfv-9h99-jwg7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sf61-byhw-17gv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14512?format=api", "vulnerability_id": "VCID-v27j-4pnt-n7h9", "summary": "Mediawiki BotPassword can bypass CentralAuth's account lock\nMediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3142", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3142" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3238", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3238" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3813", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3813" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0505.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0505.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0505", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62397", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62474", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62477", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.6245", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62466", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.6246", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62411", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62309", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62362", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62367", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62415", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62437", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62447", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62428", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0505" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0503", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0503" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0504", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0504" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0505", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0505" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html" }, { "reference_url": "https://phabricator.wikimedia.org/T194605", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T194605" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4301", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4301" }, { "reference_url": "http://www.securitytracker.com/id/1041695", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1041695" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634166", "reference_id": "1634166", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634166" }, { "reference_url": "https://security.archlinux.org/ASA-201809-5", "reference_id": "ASA-201809-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201809-5" }, { "reference_url": "https://security.archlinux.org/AVG-765", "reference_id": "AVG-765", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-765" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0505", "reference_id": "CVE-2018-0505", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0505" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0505.yaml", "reference_id": "CVE-2018-0505.YAML", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0505.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-5c6w-f4w2-2grp", "reference_id": "GHSA-5c6w-f4w2-2grp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5c6w-f4w2-2grp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50915?format=api", "purl": "pkg:composer/mediawiki/core@1.29.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-9qyu-z71g-1qbq" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.29.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/50916?format=api", "purl": "pkg:composer/mediawiki/core@1.30.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1697-p35n-fber" }, { "vulnerability": "VCID-1866-gt2g-1qfv" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-9qyu-z71g-1qbq" }, { "vulnerability": "VCID-bbef-akjp-a3gp" }, { "vulnerability": "VCID-gma6-b9cy-kqee" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-kjp3-cs2f-t7b4" }, { "vulnerability": "VCID-qmx3-kcnd-zuhe" }, { "vulnerability": "VCID-tq2e-c9ym-a3hj" }, { "vulnerability": "VCID-u2xc-ztge-p3bv" }, { "vulnerability": "VCID-yr8d-347g-pugg" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.30.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/50917?format=api", "purl": "pkg:composer/mediawiki/core@1.31.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1697-p35n-fber" }, { "vulnerability": "VCID-1866-gt2g-1qfv" }, { "vulnerability": "VCID-4keq-jcfa-13hc" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-9qyu-z71g-1qbq" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-bbef-akjp-a3gp" }, { "vulnerability": "VCID-gma6-b9cy-kqee" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-kjp3-cs2f-t7b4" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-qmx3-kcnd-zuhe" }, { "vulnerability": "VCID-t6w8-cgct-gbgz" }, { "vulnerability": "VCID-tq2e-c9ym-a3hj" }, { "vulnerability": "VCID-u2xc-ztge-p3bv" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-yr8d-347g-pugg" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.1" } ], "aliases": [ "CVE-2018-0505", "GHSA-5c6w-f4w2-2grp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v27j-4pnt-n7h9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14846?format=api", "vulnerability_id": "VCID-w3f8-nrqd-p7gq", "summary": "Mediawiki information disclosure vulnerability\nMediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3238", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3238" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3813", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3813" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0504.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0504.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0504", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.81353", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.81387", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.81382", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.81375", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01612", "scoring_system": "epss", "scoring_elements": "0.81733", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01612", "scoring_system": "epss", "scoring_elements": "0.81702", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01612", "scoring_system": "epss", "scoring_elements": "0.81713", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01612", "scoring_system": "epss", "scoring_elements": "0.81736", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01612", "scoring_system": "epss", "scoring_elements": "0.8176", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01612", "scoring_system": "epss", "scoring_elements": "0.81805", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01612", "scoring_system": "epss", "scoring_elements": "0.81804", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01612", "scoring_system": "epss", "scoring_elements": "0.81767", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01612", "scoring_system": "epss", "scoring_elements": "0.81772", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01612", "scoring_system": "epss", "scoring_elements": "0.81784", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01612", "scoring_system": "epss", "scoring_elements": "0.81765", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0504" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0503", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0503" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0504", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0504" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0505", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0505" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html" }, { "reference_url": "https://phabricator.wikimedia.org/T187638", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T187638" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4301", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4301" }, { "reference_url": "http://www.securitytracker.com/id/1041695", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1041695" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634168", "reference_id": "1634168", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634168" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0504", "reference_id": "CVE-2018-0504", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0504" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0504.yaml", "reference_id": "CVE-2018-0504.YAML", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0504.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-hr8v-f4g2-p66f", "reference_id": "GHSA-hr8v-f4g2-p66f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hr8v-f4g2-p66f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50915?format=api", "purl": "pkg:composer/mediawiki/core@1.29.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-9qyu-z71g-1qbq" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.29.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/50916?format=api", "purl": "pkg:composer/mediawiki/core@1.30.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1697-p35n-fber" }, { "vulnerability": "VCID-1866-gt2g-1qfv" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-9qyu-z71g-1qbq" }, { "vulnerability": "VCID-bbef-akjp-a3gp" }, { "vulnerability": "VCID-gma6-b9cy-kqee" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-kjp3-cs2f-t7b4" }, { "vulnerability": "VCID-qmx3-kcnd-zuhe" }, { "vulnerability": "VCID-tq2e-c9ym-a3hj" }, { "vulnerability": "VCID-u2xc-ztge-p3bv" }, { "vulnerability": "VCID-yr8d-347g-pugg" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.30.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/50917?format=api", "purl": "pkg:composer/mediawiki/core@1.31.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1697-p35n-fber" }, { "vulnerability": "VCID-1866-gt2g-1qfv" }, { "vulnerability": "VCID-4keq-jcfa-13hc" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-9qyu-z71g-1qbq" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-bbef-akjp-a3gp" }, { "vulnerability": "VCID-gma6-b9cy-kqee" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-kjp3-cs2f-t7b4" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-qmx3-kcnd-zuhe" }, { "vulnerability": "VCID-t6w8-cgct-gbgz" }, { "vulnerability": "VCID-tq2e-c9ym-a3hj" }, { "vulnerability": "VCID-u2xc-ztge-p3bv" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-yr8d-347g-pugg" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" }, { "vulnerability": "VCID-zgdf-mxfn-gbea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.1" } ], "aliases": [ "CVE-2018-0504", "GHSA-hr8v-f4g2-p66f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w3f8-nrqd-p7gq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31063?format=api", "vulnerability_id": "VCID-z9d9-aer5-gfa9", "summary": "Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41800.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41800.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41800", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38933", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39016", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39035", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.3925", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39337", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39365", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39313", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39331", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39371", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39359", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39342", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39287", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39374", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.3935", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39164", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801" }, { "reference_url": "https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/" }, { "reference_url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5" }, { "reference_url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41800", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41800" }, { "reference_url": "https://phabricator.wikimedia.org/T284419", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T284419" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009517", "reference_id": "2009517", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009517" }, { "reference_url": "https://security.archlinux.org/AVG-2434", "reference_id": "AVG-2434", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2434" }, { "reference_url": "https://github.com/advisories/GHSA-c8wv-qwwc-6j73", "reference_id": "GHSA-c8wv-qwwc-6j73", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c8wv-qwwc-6j73" }, { "reference_url": "https://security.gentoo.org/glsa/202305-24", "reference_id": "GLSA-202305-24", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202305-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83531?format=api", "purl": "pkg:composer/mediawiki/core@1.36.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jm7q-2w3j-buhh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.36.2" } ], "aliases": [ "CVE-2021-41800", "GHSA-c8wv-qwwc-6j73" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z9d9-aer5-gfa9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59788?format=api", "vulnerability_id": "VCID-zgdf-mxfn-gbea", "summary": "img_auth.php may leak private extension images into the public cache\nIn MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15005.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15005.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15005", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72916", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.7285", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72811", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72825", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72833", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72918", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72909", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72868", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72876", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72866", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72768", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72776", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72824", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72796", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72773", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828" }, { "reference_url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_31/RELEASE-NOTES-1.31", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_31/RELEASE-NOTES-1.31" }, { "reference_url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_33/RELEASE-NOTES-1.33", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_33/RELEASE-NOTES-1.33" }, { "reference_url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_34/RELEASE-NOTES-1.34", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_34/RELEASE-NOTES-1.34" }, { "reference_url": "https://github.com/wikimedia/mediawiki", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wikimedia/mediawiki" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EEZIMLJMJS72SJXPYL736XMUAVCRQD2H", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EEZIMLJMJS72SJXPYL736XMUAVCRQD2H" }, { "reference_url": "https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15005", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15005" }, { "reference_url": "https://phabricator.wikimedia.org/T248947", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://phabricator.wikimedia.org/T248947" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4767", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851026", "reference_id": "1851026", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851026" }, { "reference_url": "https://github.com/advisories/GHSA-xpv7-93cm-4mxv", "reference_id": "GHSA-xpv7-93cm-4mxv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xpv7-93cm-4mxv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84692?format=api", "purl": "pkg:composer/mediawiki/core@1.31.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-9qyu-z71g-1qbq" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/84693?format=api", "purl": "pkg:composer/mediawiki/core@1.33.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-9qyu-z71g-1qbq" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.33.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/84694?format=api", "purl": "pkg:composer/mediawiki/core@1.34.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-424y-cjxg-c7az" }, { "vulnerability": "VCID-7eba-7gsc-hbfg" }, { "vulnerability": "VCID-arzd-7xhw-qqb4" }, { "vulnerability": "VCID-azup-qzq7-sbh6" }, { "vulnerability": "VCID-h8jw-brz8-hkfn" }, { "vulnerability": "VCID-jm7q-2w3j-buhh" }, { "vulnerability": "VCID-pm5t-23j4-6yh6" }, { "vulnerability": "VCID-ujdn-y48t-pbch" }, { "vulnerability": "VCID-z9d9-aer5-gfa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.34.2" } ], "aliases": [ "CVE-2020-15005", "GHSA-xpv7-93cm-4mxv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zgdf-mxfn-gbea" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.29.2" }