VulnerableCode Package Details - pkg:composer/mediawiki/core@1.31.2

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-5u5t-5h7j-vkd2	Wikimedia Potential DOS due to slow WatchedItemStore::countVisitingWatchersMultiple Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.	CVE-2019-12473 GHSA-33xw-x3pr-rvqj
VCID-a7y8-1zeh-5uaq	MediaWiki Incorrect Access Control vulnerability MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.	CVE-2019-12469 GHSA-x3fr-w7r5-x7rg
VCID-brw1-z6vq-hbdc	MediaWiki Incorrect Access Control vulnerability An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.	CVE-2019-12472 GHSA-7mqg-5fgh-xh4r
VCID-jpww-qv6m-m3eg	MediaWiki Incorrect Access Control vulnerability MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.	CVE-2019-12467 GHSA-6vfg-8ppv-h5hg
VCID-ptnd-8zfz-9kh8	Wikimedia MediaWiki Incorrect Access Control vulnerability An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.	CVE-2019-12468 GHSA-wrhx-3pxr-6vgg
VCID-qfs2-4jbr-dba6	MediaWiki Cross-site Scripting (XSS) Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.	CVE-2019-12471 GHSA-2rm7-xxx8-35jh
VCID-r4hn-68he-4qec	Wikimedia information leak vulnerability Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.	CVE-2019-12474 GHSA-2qrr-c2gh-pr35
VCID-ydvc-ykey-xugt	Wikimedia MediaWik exposed suppressed log in RevisionDelete page Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.	CVE-2019-12470 GHSA-733q-m38x-q7cc
VCID-yvs2-3ks2-pfh4	Wikimedia MediaWiki allows CSRF Wikimedia MediaWiki through 1.32.1 allows CSRF in logout feature.	CVE-2019-12466 GHSA-27fw-r78j-h898

Vulnerability

Summary

Aliases

VCID-5u5t-5h7j-vkd2

Wikimedia Potential DOS due to slow WatchedItemStore::countVisitingWatchersMultiple Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

CVE-2019-12473
GHSA-33xw-x3pr-rvqj

VCID-a7y8-1zeh-5uaq

MediaWiki Incorrect Access Control vulnerability MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

CVE-2019-12469
GHSA-x3fr-w7r5-x7rg

VCID-brw1-z6vq-hbdc

MediaWiki Incorrect Access Control vulnerability An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

CVE-2019-12472
GHSA-7mqg-5fgh-xh4r

VCID-jpww-qv6m-m3eg

MediaWiki Incorrect Access Control vulnerability MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

CVE-2019-12467
GHSA-6vfg-8ppv-h5hg

VCID-ptnd-8zfz-9kh8

Wikimedia MediaWiki Incorrect Access Control vulnerability An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.

CVE-2019-12468
GHSA-wrhx-3pxr-6vgg

VCID-qfs2-4jbr-dba6

MediaWiki Cross-site Scripting (XSS) Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

CVE-2019-12471
GHSA-2rm7-xxx8-35jh

VCID-r4hn-68he-4qec

Wikimedia information leak vulnerability Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

CVE-2019-12474
GHSA-2qrr-c2gh-pr35

VCID-ydvc-ykey-xugt

Wikimedia MediaWik exposed suppressed log in RevisionDelete page Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

CVE-2019-12470
GHSA-733q-m38x-q7cc

VCID-yvs2-3ks2-pfh4

Wikimedia MediaWiki allows CSRF Wikimedia MediaWiki through 1.32.1 allows CSRF in logout feature.

CVE-2019-12466
GHSA-27fw-r78j-h898

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-01T12:29:39.838595+00:00	GithubOSV Importer	Fixing	VCID-qfs2-4jbr-dba6	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2rm7-xxx8-35jh/GHSA-2rm7-xxx8-35jh.json	36.1.3
2025-07-01T12:29:35.594826+00:00	GithubOSV Importer	Fixing	VCID-a7y8-1zeh-5uaq	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-x3fr-w7r5-x7rg/GHSA-x3fr-w7r5-x7rg.json	36.1.3
2025-07-01T12:29:15.450762+00:00	GithubOSV Importer	Fixing	VCID-ptnd-8zfz-9kh8	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wrhx-3pxr-6vgg/GHSA-wrhx-3pxr-6vgg.json	36.1.3
2025-07-01T12:28:26.242499+00:00	GithubOSV Importer	Fixing	VCID-jpww-qv6m-m3eg	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6vfg-8ppv-h5hg/GHSA-6vfg-8ppv-h5hg.json	36.1.3
2025-07-01T12:27:35.349692+00:00	GithubOSV Importer	Fixing	VCID-brw1-z6vq-hbdc	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7mqg-5fgh-xh4r/GHSA-7mqg-5fgh-xh4r.json	36.1.3
2025-07-01T12:27:20.866347+00:00	GithubOSV Importer	Fixing	VCID-ydvc-ykey-xugt	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-733q-m38x-q7cc/GHSA-733q-m38x-q7cc.json	36.1.3
2025-07-01T12:27:12.145427+00:00	GithubOSV Importer	Fixing	VCID-5u5t-5h7j-vkd2	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-33xw-x3pr-rvqj/GHSA-33xw-x3pr-rvqj.json	36.1.3
2025-07-01T12:27:07.921861+00:00	GithubOSV Importer	Fixing	VCID-r4hn-68he-4qec	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2qrr-c2gh-pr35/GHSA-2qrr-c2gh-pr35.json	36.1.3
2025-07-01T12:25:47.283646+00:00	GithubOSV Importer	Fixing	VCID-yvs2-3ks2-pfh4	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-27fw-r78j-h898/GHSA-27fw-r78j-h898.json	36.1.3