VulnerableCode Package Details - pkg:alpm/archlinux/mediawiki@1.38.2-1

Search for packages

Package details: pkg:alpm/archlinux/mediawiki@1.38.2-1

Essentials
History (42)

purl	pkg:alpm/archlinux/mediawiki@1.38.2-1

Next non-vulnerable version	1.38.3-1
Latest non-vulnerable version	1.38.3-1
Risk	4.0

Vulnerabilities affecting this package (14)

Vulnerability	Summary	Fixed by
VCID-1ut1-kx68-aaab Aliases: CVE-2022-28203	A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query.	1.38.3-1 Affected by 0 other vulnerabilities.
VCID-7ufk-791q-aaae Aliases: CVE-2022-31090 GHSA-25mq-v84q-4j7r GMS-2022-2528	CURLOPT_HTTPAUTH option not cleared on change of origin	1.38.3-1 Affected by 0 other vulnerabilities.
VCID-7ycs-sa7m-aaar Aliases: CVE-2022-31042 GHSA-f2wf-25xc-69c9	Failure to strip the Cookie header on change in host or HTTP downgrade	1.38.3-1 Affected by 0 other vulnerabilities.
VCID-9u66-uk51-aaak Aliases: CVE-2022-34912	An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped.	1.38.3-1 Affected by 0 other vulnerabilities.
VCID-a3hy-ceqf-aaaq Aliases: CVE-2022-31043 GHSA-w248-ffj2-4v5q	Fix failure to strip Authorization header on HTTP downgrade	1.38.3-1 Affected by 0 other vulnerabilities.
VCID-egth-zjt7-aaab Aliases: CVE-2021-44856	An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A title blocked by AbuseFilter can be created via Special:ChangeContentModel due to the mishandling of the EditFilterMergedContent hook return value.	1.38.3-1 Affected by 0 other vulnerabilities.
VCID-f89j-dkdk-aaah Aliases: CVE-2022-41765	An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. HTMLUserTextField exposes the existence of hidden users.	1.38.3-1 Affected by 0 other vulnerabilities.
VCID-gbqb-um5f-aaac Aliases: CVE-2022-41767	An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. When changes made by an IP address are reassigned to a user (using reassignEdits.php), the changes will still be attributed to the IP address on Special:Contributions when doing a range lookup.	1.38.3-1 Affected by 0 other vulnerabilities.
VCID-m8vg-2sz1-aaas Aliases: CVE-2021-44855	An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. There is Blind Stored XSS via a URL to the Upload Image feature.	1.38.3-1 Affected by 0 other vulnerabilities.
VCID-pb6q-3j39-aaaf Aliases: CVE-2021-44854	An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis.	1.38.3-1 Affected by 0 other vulnerabilities.
VCID-qy5g-zjex-aaan Aliases: CVE-2022-29248 GHSA-cwmx-hcrq-mhc3	Cross-domain cookie leakage in Guzzle	1.38.3-1 Affected by 0 other vulnerabilities.
VCID-tr2g-xya5-aaaj Aliases: CVE-2022-28201	An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message.	1.38.3-1 Affected by 0 other vulnerabilities.
VCID-ycgv-unnm-aaag Aliases: CVE-2022-31091 GHSA-q559-8m2m-g699 GMS-2022-2529	Change in port should be considered a change in origin	1.38.3-1 Affected by 0 other vulnerabilities.
VCID-zh8q-p26k-aaas Aliases: CVE-2022-34911	An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showSuccessPage() with a message as second parameter, and OutputPage::setPageTitle() uses text().	1.38.3-1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:44:01.151537+00:00	Arch Linux Importer	Affected by	VCID-pb6q-3j39-aaaf	https://security.archlinux.org/AVG-2823	36.0.0
2025-03-28T07:44:01.120919+00:00	Arch Linux Importer	Affected by	VCID-m8vg-2sz1-aaas	https://security.archlinux.org/AVG-2823	36.0.0
2025-03-28T07:44:01.089600+00:00	Arch Linux Importer	Affected by	VCID-egth-zjt7-aaab	https://security.archlinux.org/AVG-2823	36.0.0
2025-03-28T07:44:01.059683+00:00	Arch Linux Importer	Affected by	VCID-tr2g-xya5-aaaj	https://security.archlinux.org/AVG-2823	36.0.0
2025-03-28T07:44:01.030663+00:00	Arch Linux Importer	Affected by	VCID-1ut1-kx68-aaab	https://security.archlinux.org/AVG-2823	36.0.0
2025-03-28T07:44:00.999641+00:00	Arch Linux Importer	Affected by	VCID-qy5g-zjex-aaan	https://security.archlinux.org/AVG-2823	36.0.0
2025-03-28T07:44:00.968698+00:00	Arch Linux Importer	Affected by	VCID-7ycs-sa7m-aaar	https://security.archlinux.org/AVG-2823	36.0.0
2025-03-28T07:44:00.937723+00:00	Arch Linux Importer	Affected by	VCID-a3hy-ceqf-aaaq	https://security.archlinux.org/AVG-2823	36.0.0
2025-03-28T07:44:00.907019+00:00	Arch Linux Importer	Affected by	VCID-7ufk-791q-aaae	https://security.archlinux.org/AVG-2823	36.0.0
2025-03-28T07:44:00.877628+00:00	Arch Linux Importer	Affected by	VCID-ycgv-unnm-aaag	https://security.archlinux.org/AVG-2823	36.0.0
2025-03-28T07:44:00.848851+00:00	Arch Linux Importer	Affected by	VCID-zh8q-p26k-aaas	https://security.archlinux.org/AVG-2823	36.0.0
2025-03-28T07:44:00.819832+00:00	Arch Linux Importer	Affected by	VCID-9u66-uk51-aaak	https://security.archlinux.org/AVG-2823	36.0.0
2025-03-28T07:44:00.789221+00:00	Arch Linux Importer	Affected by	VCID-f89j-dkdk-aaah	https://security.archlinux.org/AVG-2823	36.0.0
2025-03-28T07:44:00.762426+00:00	Arch Linux Importer	Affected by	VCID-gbqb-um5f-aaac	https://security.archlinux.org/AVG-2823	36.0.0
2024-09-18T01:59:09.419650+00:00	Arch Linux Importer	Affected by	VCID-pb6q-3j39-aaaf	https://security.archlinux.org/AVG-2823	34.0.1
2024-09-18T01:59:09.396651+00:00	Arch Linux Importer	Affected by	VCID-m8vg-2sz1-aaas	https://security.archlinux.org/AVG-2823	34.0.1
2024-09-18T01:59:09.374142+00:00	Arch Linux Importer	Affected by	VCID-egth-zjt7-aaab	https://security.archlinux.org/AVG-2823	34.0.1
2024-09-18T01:59:09.352415+00:00	Arch Linux Importer	Affected by	VCID-tr2g-xya5-aaaj	https://security.archlinux.org/AVG-2823	34.0.1
2024-09-18T01:59:09.328008+00:00	Arch Linux Importer	Affected by	VCID-1ut1-kx68-aaab	https://security.archlinux.org/AVG-2823	34.0.1
2024-09-18T01:59:09.301754+00:00	Arch Linux Importer	Affected by	VCID-qy5g-zjex-aaan	https://security.archlinux.org/AVG-2823	34.0.1
2024-09-18T01:59:09.276623+00:00	Arch Linux Importer	Affected by	VCID-7ycs-sa7m-aaar	https://security.archlinux.org/AVG-2823	34.0.1
2024-09-18T01:59:09.253613+00:00	Arch Linux Importer	Affected by	VCID-a3hy-ceqf-aaaq	https://security.archlinux.org/AVG-2823	34.0.1
2024-09-18T01:59:09.225243+00:00	Arch Linux Importer	Affected by	VCID-7ufk-791q-aaae	https://security.archlinux.org/AVG-2823	34.0.1
2024-09-18T01:59:09.200445+00:00	Arch Linux Importer	Affected by	VCID-ycgv-unnm-aaag	https://security.archlinux.org/AVG-2823	34.0.1
2024-09-18T01:59:09.176151+00:00	Arch Linux Importer	Affected by	VCID-zh8q-p26k-aaas	https://security.archlinux.org/AVG-2823	34.0.1
2024-09-18T01:59:09.149642+00:00	Arch Linux Importer	Affected by	VCID-9u66-uk51-aaak	https://security.archlinux.org/AVG-2823	34.0.1
2024-09-18T01:59:09.122572+00:00	Arch Linux Importer	Affected by	VCID-f89j-dkdk-aaah	https://security.archlinux.org/AVG-2823	34.0.1
2024-09-18T01:59:09.100856+00:00	Arch Linux Importer	Affected by	VCID-gbqb-um5f-aaac	https://security.archlinux.org/AVG-2823	34.0.1
2024-01-03T22:25:27.277807+00:00	Arch Linux Importer	Affected by	VCID-pb6q-3j39-aaaf	https://security.archlinux.org/AVG-2823	34.0.0rc1
2024-01-03T22:25:27.256078+00:00	Arch Linux Importer	Affected by	VCID-m8vg-2sz1-aaas	https://security.archlinux.org/AVG-2823	34.0.0rc1
2024-01-03T22:25:27.232247+00:00	Arch Linux Importer	Affected by	VCID-egth-zjt7-aaab	https://security.archlinux.org/AVG-2823	34.0.0rc1
2024-01-03T22:25:27.210321+00:00	Arch Linux Importer	Affected by	VCID-tr2g-xya5-aaaj	https://security.archlinux.org/AVG-2823	34.0.0rc1
2024-01-03T22:25:27.188396+00:00	Arch Linux Importer	Affected by	VCID-1ut1-kx68-aaab	https://security.archlinux.org/AVG-2823	34.0.0rc1
2024-01-03T22:25:27.168969+00:00	Arch Linux Importer	Affected by	VCID-qy5g-zjex-aaan	https://security.archlinux.org/AVG-2823	34.0.0rc1
2024-01-03T22:25:27.149742+00:00	Arch Linux Importer	Affected by	VCID-7ycs-sa7m-aaar	https://security.archlinux.org/AVG-2823	34.0.0rc1
2024-01-03T22:25:27.130454+00:00	Arch Linux Importer	Affected by	VCID-a3hy-ceqf-aaaq	https://security.archlinux.org/AVG-2823	34.0.0rc1
2024-01-03T22:25:27.111300+00:00	Arch Linux Importer	Affected by	VCID-7ufk-791q-aaae	https://security.archlinux.org/AVG-2823	34.0.0rc1
2024-01-03T22:25:27.091987+00:00	Arch Linux Importer	Affected by	VCID-ycgv-unnm-aaag	https://security.archlinux.org/AVG-2823	34.0.0rc1
2024-01-03T22:25:27.072550+00:00	Arch Linux Importer	Affected by	VCID-zh8q-p26k-aaas	https://security.archlinux.org/AVG-2823	34.0.0rc1
2024-01-03T22:25:27.052583+00:00	Arch Linux Importer	Affected by	VCID-9u66-uk51-aaak	https://security.archlinux.org/AVG-2823	34.0.0rc1
2024-01-03T22:25:27.032461+00:00	Arch Linux Importer	Affected by	VCID-f89j-dkdk-aaah	https://security.archlinux.org/AVG-2823	34.0.0rc1
2024-01-03T22:25:27.012975+00:00	Arch Linux Importer	Affected by	VCID-gbqb-um5f-aaac	https://security.archlinux.org/AVG-2823	34.0.0rc1