purl | pkg:alpm/archlinux/mediawiki@1.35.2-1 |
Vulnerability | Summary | Fixed by |
---|---|---|
This package is not known to be affected by vulnerabilities. |
Vulnerability | Summary | Aliases |
---|---|---|
VCID-1pw8-kzjs-aaah | In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service. | CVE-2021-27291, GHSA-pq64-v7f5-gqh8, PYSEC-2021-141 |
VCID-38ac-xq25-aaaq | An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped, leading to XSS. | CVE-2021-30157 |
VCID-3bm7-tmfe-aaar | An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a <meta> tag, bypassing sanitization steps, and potentially allowing for XSS. | CVE-2021-30458, GHSA-5pqx-77vf-85rw |
VCID-3f62-6xn7-aaab | An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword. | CVE-2021-20270, GHSA-9w8r-397f-prfh, PYSEC-2021-140 |
VCID-3wvj-4a66-aaaq | An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. (It shouldn't because they are hidden.) This is related to ApiVisualEditor. | CVE-2021-30153 |
VCID-b5eq-97nn-aaah | An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page. | CVE-2021-30155 |
VCID-mj69-gx7y-aaah | An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to "protect" a page, a user is currently able to protect to a higher level than they currently have permissions for. | CVE-2021-30152 |
VCID-p4de-8vmj-aaah | An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unauthorized party. | CVE-2021-30158 |
VCID-y6ym-xe1c-aaaq | An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header-* messages are output in HTML unescaped, leading to XSS. | CVE-2021-30154 |
VCID-zyhx-9g42-aaae | An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in certain "fast double move" situations. MovePage::isValidMoveTarget() uses FOR UPDATE, but it's only called if Title::getArticleID() returns non-zero with no special flags. Next, MovePage::moveToInternal() will delete the page if getArticleID(READ_LATEST) is non-zero. Therefore, if the page is missing in the replica DB, isValidMove() will return true, and then moveToInternal() will unconditionally delete the page if it can be found in the master. | CVE-2021-30159 |
Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
---|---|---|---|---|---|
2025-03-28T07:46:37.899701+00:00 | Arch Linux Importer | Fixing | VCID-3f62-6xn7-aaab | https://security.archlinux.org/AVG-1775 | 36.0.0 |
2025-03-28T07:46:37.870683+00:00 | Arch Linux Importer | Fixing | VCID-1pw8-kzjs-aaah | https://security.archlinux.org/AVG-1775 | 36.0.0 |
2025-03-28T07:46:37.843662+00:00 | Arch Linux Importer | Fixing | VCID-mj69-gx7y-aaah | https://security.archlinux.org/AVG-1775 | 36.0.0 |
2025-03-28T07:46:37.814505+00:00 | Arch Linux Importer | Fixing | VCID-3wvj-4a66-aaaq | https://security.archlinux.org/AVG-1775 | 36.0.0 |
2025-03-28T07:46:37.784664+00:00 | Arch Linux Importer | Fixing | VCID-y6ym-xe1c-aaaq | https://security.archlinux.org/AVG-1775 | 36.0.0 |
2025-03-28T07:46:37.754815+00:00 | Arch Linux Importer | Fixing | VCID-b5eq-97nn-aaah | https://security.archlinux.org/AVG-1775 | 36.0.0 |
2025-03-28T07:46:37.726526+00:00 | Arch Linux Importer | Fixing | VCID-38ac-xq25-aaaq | https://security.archlinux.org/AVG-1775 | 36.0.0 |
2025-03-28T07:46:37.707615+00:00 | Arch Linux Importer | Fixing | VCID-p4de-8vmj-aaah | https://security.archlinux.org/AVG-1775 | 36.0.0 |
2025-03-28T07:46:37.689109+00:00 | Arch Linux Importer | Fixing | VCID-zyhx-9g42-aaae | https://security.archlinux.org/AVG-1775 | 36.0.0 |
2025-03-28T07:46:37.670580+00:00 | Arch Linux Importer | Fixing | VCID-3bm7-tmfe-aaar | https://security.archlinux.org/AVG-1775 | 36.0.0 |
2024-09-18T02:01:57.963027+00:00 | Arch Linux Importer | Fixing | VCID-3f62-6xn7-aaab | https://security.archlinux.org/AVG-1775 | 34.0.1 |
2024-09-18T02:01:57.938290+00:00 | Arch Linux Importer | Fixing | VCID-1pw8-kzjs-aaah | https://security.archlinux.org/AVG-1775 | 34.0.1 |
2024-09-18T02:01:57.911025+00:00 | Arch Linux Importer | Fixing | VCID-mj69-gx7y-aaah | https://security.archlinux.org/AVG-1775 | 34.0.1 |
2024-09-18T02:01:57.885583+00:00 | Arch Linux Importer | Fixing | VCID-3wvj-4a66-aaaq | https://security.archlinux.org/AVG-1775 | 34.0.1 |
2024-09-18T02:01:57.858292+00:00 | Arch Linux Importer | Fixing | VCID-y6ym-xe1c-aaaq | https://security.archlinux.org/AVG-1775 | 34.0.1 |
2024-09-18T02:01:57.834226+00:00 | Arch Linux Importer | Fixing | VCID-b5eq-97nn-aaah | https://security.archlinux.org/AVG-1775 | 34.0.1 |
2024-09-18T02:01:57.812770+00:00 | Arch Linux Importer | Fixing | VCID-38ac-xq25-aaaq | https://security.archlinux.org/AVG-1775 | 34.0.1 |
2024-09-18T02:01:57.791152+00:00 | Arch Linux Importer | Fixing | VCID-p4de-8vmj-aaah | https://security.archlinux.org/AVG-1775 | 34.0.1 |
2024-09-18T02:01:57.769814+00:00 | Arch Linux Importer | Fixing | VCID-zyhx-9g42-aaae | https://security.archlinux.org/AVG-1775 | 34.0.1 |
2024-09-18T02:01:57.748106+00:00 | Arch Linux Importer | Fixing | VCID-3bm7-tmfe-aaar | https://security.archlinux.org/AVG-1775 | 34.0.1 |
2024-01-03T22:28:01.677738+00:00 | Arch Linux Importer | Fixing | VCID-3f62-6xn7-aaab | https://security.archlinux.org/AVG-1775 | 34.0.0rc1 |
2024-01-03T22:28:01.658838+00:00 | Arch Linux Importer | Fixing | VCID-1pw8-kzjs-aaah | https://security.archlinux.org/AVG-1775 | 34.0.0rc1 |
2024-01-03T22:28:01.639843+00:00 | Arch Linux Importer | Fixing | VCID-mj69-gx7y-aaah | https://security.archlinux.org/AVG-1775 | 34.0.0rc1 |
2024-01-03T22:28:01.620870+00:00 | Arch Linux Importer | Fixing | VCID-3wvj-4a66-aaaq | https://security.archlinux.org/AVG-1775 | 34.0.0rc1 |
2024-01-03T22:28:01.602092+00:00 | Arch Linux Importer | Fixing | VCID-y6ym-xe1c-aaaq | https://security.archlinux.org/AVG-1775 | 34.0.0rc1 |
2024-01-03T22:28:01.583303+00:00 | Arch Linux Importer | Fixing | VCID-b5eq-97nn-aaah | https://security.archlinux.org/AVG-1775 | 34.0.0rc1 |
2024-01-03T22:28:01.564649+00:00 | Arch Linux Importer | Fixing | VCID-38ac-xq25-aaaq | https://security.archlinux.org/AVG-1775 | 34.0.0rc1 |
2024-01-03T22:28:01.545832+00:00 | Arch Linux Importer | Fixing | VCID-p4de-8vmj-aaah | https://security.archlinux.org/AVG-1775 | 34.0.0rc1 |
2024-01-03T22:28:01.524546+00:00 | Arch Linux Importer | Fixing | VCID-zyhx-9g42-aaae | https://security.archlinux.org/AVG-1775 | 34.0.0rc1 |
2024-01-03T22:28:01.502856+00:00 | Arch Linux Importer | Fixing | VCID-3bm7-tmfe-aaar | https://security.archlinux.org/AVG-1775 | 34.0.0rc1 |