Search for packages
| purl | pkg:alpm/archlinux/mediawiki@1.38.3-1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1ut1-kx68-aaab | A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query. |
CVE-2022-28203
|
| VCID-7ufk-791q-aaae | CURLOPT_HTTPAUTH option not cleared on change of origin |
CVE-2022-31090
GHSA-25mq-v84q-4j7r GMS-2022-2528 |
| VCID-7ycs-sa7m-aaar | Failure to strip the Cookie header on change in host or HTTP downgrade |
CVE-2022-31042
GHSA-f2wf-25xc-69c9 |
| VCID-9u66-uk51-aaak | An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped. |
CVE-2022-34912
|
| VCID-a3hy-ceqf-aaaq | Fix failure to strip Authorization header on HTTP downgrade |
CVE-2022-31043
GHSA-w248-ffj2-4v5q |
| VCID-egth-zjt7-aaab | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A title blocked by AbuseFilter can be created via Special:ChangeContentModel due to the mishandling of the EditFilterMergedContent hook return value. |
CVE-2021-44856
|
| VCID-f89j-dkdk-aaah | An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. HTMLUserTextField exposes the existence of hidden users. |
CVE-2022-41765
|
| VCID-gbqb-um5f-aaac | An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. When changes made by an IP address are reassigned to a user (using reassignEdits.php), the changes will still be attributed to the IP address on Special:Contributions when doing a range lookup. |
CVE-2022-41767
|
| VCID-m8vg-2sz1-aaas | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. There is Blind Stored XSS via a URL to the Upload Image feature. |
CVE-2021-44855
|
| VCID-pb6q-3j39-aaaf | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis. |
CVE-2021-44854
|
| VCID-qy5g-zjex-aaan | Cross-domain cookie leakage in Guzzle |
CVE-2022-29248
GHSA-cwmx-hcrq-mhc3 |
| VCID-tr2g-xya5-aaaj | An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message. |
CVE-2022-28201
|
| VCID-ycgv-unnm-aaag | Change in port should be considered a change in origin |
CVE-2022-31091
GHSA-q559-8m2m-g699 GMS-2022-2529 |
| VCID-zh8q-p26k-aaas | An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showSuccessPage() with a message as second parameter, and OutputPage::setPageTitle() uses text(). |
CVE-2022-34911
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-03-28T07:44:01.156580+00:00 | Arch Linux Importer | Fixing | VCID-pb6q-3j39-aaaf | https://security.archlinux.org/AVG-2823 | 36.0.0 |
| 2025-03-28T07:44:01.126583+00:00 | Arch Linux Importer | Fixing | VCID-m8vg-2sz1-aaas | https://security.archlinux.org/AVG-2823 | 36.0.0 |
| 2025-03-28T07:44:01.095709+00:00 | Arch Linux Importer | Fixing | VCID-egth-zjt7-aaab | https://security.archlinux.org/AVG-2823 | 36.0.0 |
| 2025-03-28T07:44:01.064590+00:00 | Arch Linux Importer | Fixing | VCID-tr2g-xya5-aaaj | https://security.archlinux.org/AVG-2823 | 36.0.0 |
| 2025-03-28T07:44:01.035498+00:00 | Arch Linux Importer | Fixing | VCID-1ut1-kx68-aaab | https://security.archlinux.org/AVG-2823 | 36.0.0 |
| 2025-03-28T07:44:01.005611+00:00 | Arch Linux Importer | Fixing | VCID-qy5g-zjex-aaan | https://security.archlinux.org/AVG-2823 | 36.0.0 |
| 2025-03-28T07:44:00.974801+00:00 | Arch Linux Importer | Fixing | VCID-7ycs-sa7m-aaar | https://security.archlinux.org/AVG-2823 | 36.0.0 |
| 2025-03-28T07:44:00.943741+00:00 | Arch Linux Importer | Fixing | VCID-a3hy-ceqf-aaaq | https://security.archlinux.org/AVG-2823 | 36.0.0 |
| 2025-03-28T07:44:00.913138+00:00 | Arch Linux Importer | Fixing | VCID-7ufk-791q-aaae | https://security.archlinux.org/AVG-2823 | 36.0.0 |
| 2025-03-28T07:44:00.882094+00:00 | Arch Linux Importer | Fixing | VCID-ycgv-unnm-aaag | https://security.archlinux.org/AVG-2823 | 36.0.0 |
| 2025-03-28T07:44:00.853804+00:00 | Arch Linux Importer | Fixing | VCID-zh8q-p26k-aaas | https://security.archlinux.org/AVG-2823 | 36.0.0 |
| 2025-03-28T07:44:00.824660+00:00 | Arch Linux Importer | Fixing | VCID-9u66-uk51-aaak | https://security.archlinux.org/AVG-2823 | 36.0.0 |
| 2025-03-28T07:44:00.795270+00:00 | Arch Linux Importer | Fixing | VCID-f89j-dkdk-aaah | https://security.archlinux.org/AVG-2823 | 36.0.0 |
| 2025-03-28T07:44:00.766505+00:00 | Arch Linux Importer | Fixing | VCID-gbqb-um5f-aaac | https://security.archlinux.org/AVG-2823 | 36.0.0 |
| 2024-09-18T01:59:09.424684+00:00 | Arch Linux Importer | Fixing | VCID-pb6q-3j39-aaaf | https://security.archlinux.org/AVG-2823 | 34.0.1 |
| 2024-09-18T01:59:09.401469+00:00 | Arch Linux Importer | Fixing | VCID-m8vg-2sz1-aaas | https://security.archlinux.org/AVG-2823 | 34.0.1 |
| 2024-09-18T01:59:09.378937+00:00 | Arch Linux Importer | Fixing | VCID-egth-zjt7-aaab | https://security.archlinux.org/AVG-2823 | 34.0.1 |
| 2024-09-18T01:59:09.356817+00:00 | Arch Linux Importer | Fixing | VCID-tr2g-xya5-aaaj | https://security.archlinux.org/AVG-2823 | 34.0.1 |
| 2024-09-18T01:59:09.332893+00:00 | Arch Linux Importer | Fixing | VCID-1ut1-kx68-aaab | https://security.archlinux.org/AVG-2823 | 34.0.1 |
| 2024-09-18T01:59:09.306639+00:00 | Arch Linux Importer | Fixing | VCID-qy5g-zjex-aaan | https://security.archlinux.org/AVG-2823 | 34.0.1 |
| 2024-09-18T01:59:09.281434+00:00 | Arch Linux Importer | Fixing | VCID-7ycs-sa7m-aaar | https://security.archlinux.org/AVG-2823 | 34.0.1 |
| 2024-09-18T01:59:09.258501+00:00 | Arch Linux Importer | Fixing | VCID-a3hy-ceqf-aaaq | https://security.archlinux.org/AVG-2823 | 34.0.1 |
| 2024-09-18T01:59:09.230444+00:00 | Arch Linux Importer | Fixing | VCID-7ufk-791q-aaae | https://security.archlinux.org/AVG-2823 | 34.0.1 |
| 2024-09-18T01:59:09.206112+00:00 | Arch Linux Importer | Fixing | VCID-ycgv-unnm-aaag | https://security.archlinux.org/AVG-2823 | 34.0.1 |
| 2024-09-18T01:59:09.181363+00:00 | Arch Linux Importer | Fixing | VCID-zh8q-p26k-aaas | https://security.archlinux.org/AVG-2823 | 34.0.1 |
| 2024-09-18T01:59:09.155120+00:00 | Arch Linux Importer | Fixing | VCID-9u66-uk51-aaak | https://security.archlinux.org/AVG-2823 | 34.0.1 |
| 2024-09-18T01:59:09.127802+00:00 | Arch Linux Importer | Fixing | VCID-f89j-dkdk-aaah | https://security.archlinux.org/AVG-2823 | 34.0.1 |
| 2024-09-18T01:59:09.106158+00:00 | Arch Linux Importer | Fixing | VCID-gbqb-um5f-aaac | https://security.archlinux.org/AVG-2823 | 34.0.1 |
| 2024-01-03T22:25:27.282498+00:00 | Arch Linux Importer | Fixing | VCID-pb6q-3j39-aaaf | https://security.archlinux.org/AVG-2823 | 34.0.0rc1 |
| 2024-01-03T22:25:27.260815+00:00 | Arch Linux Importer | Fixing | VCID-m8vg-2sz1-aaas | https://security.archlinux.org/AVG-2823 | 34.0.0rc1 |
| 2024-01-03T22:25:27.236995+00:00 | Arch Linux Importer | Fixing | VCID-egth-zjt7-aaab | https://security.archlinux.org/AVG-2823 | 34.0.0rc1 |
| 2024-01-03T22:25:27.215054+00:00 | Arch Linux Importer | Fixing | VCID-tr2g-xya5-aaaj | https://security.archlinux.org/AVG-2823 | 34.0.0rc1 |
| 2024-01-03T22:25:27.193275+00:00 | Arch Linux Importer | Fixing | VCID-1ut1-kx68-aaab | https://security.archlinux.org/AVG-2823 | 34.0.0rc1 |
| 2024-01-03T22:25:27.173755+00:00 | Arch Linux Importer | Fixing | VCID-qy5g-zjex-aaan | https://security.archlinux.org/AVG-2823 | 34.0.0rc1 |
| 2024-01-03T22:25:27.154402+00:00 | Arch Linux Importer | Fixing | VCID-7ycs-sa7m-aaar | https://security.archlinux.org/AVG-2823 | 34.0.0rc1 |
| 2024-01-03T22:25:27.135161+00:00 | Arch Linux Importer | Fixing | VCID-a3hy-ceqf-aaaq | https://security.archlinux.org/AVG-2823 | 34.0.0rc1 |
| 2024-01-03T22:25:27.116017+00:00 | Arch Linux Importer | Fixing | VCID-7ufk-791q-aaae | https://security.archlinux.org/AVG-2823 | 34.0.0rc1 |
| 2024-01-03T22:25:27.096712+00:00 | Arch Linux Importer | Fixing | VCID-ycgv-unnm-aaag | https://security.archlinux.org/AVG-2823 | 34.0.0rc1 |
| 2024-01-03T22:25:27.077305+00:00 | Arch Linux Importer | Fixing | VCID-zh8q-p26k-aaas | https://security.archlinux.org/AVG-2823 | 34.0.0rc1 |
| 2024-01-03T22:25:27.057477+00:00 | Arch Linux Importer | Fixing | VCID-9u66-uk51-aaak | https://security.archlinux.org/AVG-2823 | 34.0.0rc1 |
| 2024-01-03T22:25:27.037468+00:00 | Arch Linux Importer | Fixing | VCID-f89j-dkdk-aaah | https://security.archlinux.org/AVG-2823 | 34.0.0rc1 |
| 2024-01-03T22:25:27.017832+00:00 | Arch Linux Importer | Fixing | VCID-gbqb-um5f-aaac | https://security.archlinux.org/AVG-2823 | 34.0.0rc1 |