Lookup for vulnerable packages by Package URL.

Purl pkg:composer/mediawiki/core@1.31.0
Type composer
Namespace mediawiki
Name core
Version 1.31.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.31.1
Latest_non_vulnerable_version 1.40.1
Affected_by_vulnerabilities
0
url VCID-5d6t-am8p-3kab
vulnerability_id VCID-5d6t-am8p-3kab
summary
Mediawiki Improper Privilege Management
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where, contrary to the documentation, the $wgRateLimits entry for 'user' overrides that for 'newbie'.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:3142
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3142
1
reference_url https://access.redhat.com/errata/RHSA-2019:3238
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3238
2
reference_url https://access.redhat.com/errata/RHSA-2019:3813
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3813
3
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
url https://github.com/wikimedia/mediawiki
4
reference_url https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
reference_id
reference_type
scores
url https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
5
reference_url https://phabricator.wikimedia.org/T169545
reference_id
reference_type
scores
url https://phabricator.wikimedia.org/T169545
6
reference_url https://www.debian.org/security/2018/dsa-4301
reference_id
reference_type
scores
url https://www.debian.org/security/2018/dsa-4301
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-0503
reference_id CVE-2018-0503
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-0503
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0503.yaml
reference_id CVE-2018-0503.YAML
reference_type
scores
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0503.yaml
9
reference_url https://github.com/advisories/GHSA-mhfv-9h99-jwg7
reference_id GHSA-mhfv-9h99-jwg7
reference_type
scores
url https://github.com/advisories/GHSA-mhfv-9h99-jwg7
fixed_packages
0
url pkg:composer/mediawiki/core@1.31.1
purl pkg:composer/mediawiki/core@1.31.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.1
aliases CVE-2018-0503, GHSA-mhfv-9h99-jwg7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5d6t-am8p-3kab
1
url VCID-cdzw-fsu7-5ybt
vulnerability_id VCID-cdzw-fsu7-5ybt
summary
Mediawiki BotPassword can bypass CentralAuth's account lock
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:3142
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3142
1
reference_url https://access.redhat.com/errata/RHSA-2019:3238
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3238
2
reference_url https://access.redhat.com/errata/RHSA-2019:3813
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3813
3
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
url https://github.com/wikimedia/mediawiki
4
reference_url https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
reference_id
reference_type
scores
url https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
5
reference_url https://phabricator.wikimedia.org/T194605
reference_id
reference_type
scores
url https://phabricator.wikimedia.org/T194605
6
reference_url https://www.debian.org/security/2018/dsa-4301
reference_id
reference_type
scores
url https://www.debian.org/security/2018/dsa-4301
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-0505
reference_id CVE-2018-0505
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-0505
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0505.yaml
reference_id CVE-2018-0505.YAML
reference_type
scores
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0505.yaml
9
reference_url https://github.com/advisories/GHSA-5c6w-f4w2-2grp
reference_id GHSA-5c6w-f4w2-2grp
reference_type
scores
url https://github.com/advisories/GHSA-5c6w-f4w2-2grp
fixed_packages
0
url pkg:composer/mediawiki/core@1.31.1
purl pkg:composer/mediawiki/core@1.31.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.1
aliases CVE-2018-0505, GHSA-5c6w-f4w2-2grp
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cdzw-fsu7-5ybt
2
url VCID-dqvd-5d51-sbge
vulnerability_id VCID-dqvd-5d51-sbge
summary
Mediawiki information disclosure vulnerability
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in Special:Redirect/logid.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:3238
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3238
1
reference_url https://access.redhat.com/errata/RHSA-2019:3813
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3813
2
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
url https://github.com/wikimedia/mediawiki
3
reference_url https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
reference_id
reference_type
scores
url https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
4
reference_url https://phabricator.wikimedia.org/T187638
reference_id
reference_type
scores
url https://phabricator.wikimedia.org/T187638
5
reference_url https://www.debian.org/security/2018/dsa-4301
reference_id
reference_type
scores
url https://www.debian.org/security/2018/dsa-4301
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-0504
reference_id CVE-2018-0504
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-0504
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0504.yaml
reference_id CVE-2018-0504.YAML
reference_type
scores
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0504.yaml
8
reference_url https://github.com/advisories/GHSA-hr8v-f4g2-p66f
reference_id GHSA-hr8v-f4g2-p66f
reference_type
scores
url https://github.com/advisories/GHSA-hr8v-f4g2-p66f
fixed_packages
0
url pkg:composer/mediawiki/core@1.31.1
purl pkg:composer/mediawiki/core@1.31.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.1
aliases CVE-2018-0504, GHSA-hr8v-f4g2-p66f
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dqvd-5d51-sbge
3
url VCID-jrkr-nf43-6fa9
vulnerability_id VCID-jrkr-nf43-6fa9
summary
Mediawiki tarball is missing .htaccess files
The tarball provided for Mediawiki 1.31 before 1.31.1 is missing the .htaccess files used to protect some directories that shouldn't be web accessible.
references
0
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
url https://github.com/wikimedia/mediawiki
1
reference_url https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
reference_id
reference_type
scores
url https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
2
reference_url https://phabricator.wikimedia.org/T199029
reference_id
reference_type
scores
url https://phabricator.wikimedia.org/T199029
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-13258
reference_id CVE-2018-13258
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-13258
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-13258.yaml
reference_id CVE-2018-13258.YAML
reference_type
scores
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-13258.yaml
5
reference_url https://github.com/advisories/GHSA-2c28-7gwv-cpgf
reference_id GHSA-2c28-7gwv-cpgf
reference_type
scores
url https://github.com/advisories/GHSA-2c28-7gwv-cpgf
fixed_packages
0
url pkg:composer/mediawiki/core@1.31.1
purl pkg:composer/mediawiki/core@1.31.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.1
aliases CVE-2018-13258, GHSA-2c28-7gwv-cpgf
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jrkr-nf43-6fa9
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.0