Search for packages
| purl | pkg:composer/mediawiki/core@1.27.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3fpn-et48-sqed
Aliases: CVE-2018-0503 GHSA-mhfv-9h99-jwg7 |
multiple issues |
Affected by 14 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 14 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-4216-ztjb-hke8
Aliases: CVE-2020-15005 GHSA-xpv7-93cm-4mxv |
img_auth.php may leak private extension images into the public cache In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled. |
Affected by 8 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
VCID-5u5t-5h7j-vkd2
Aliases: CVE-2019-12473 GHSA-33xw-x3pr-rvqj |
Wikimedia Potential DOS due to slow WatchedItemStore::countVisitingWatchersMultiple Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 11 other vulnerabilities. Affected by 12 other vulnerabilities. |
|
VCID-6nc9-g17a-ykds
Aliases: CVE-2021-41800 GHSA-c8wv-qwwc-6j73 |
multiple issues |
Affected by 1 other vulnerability. |
|
VCID-a7y8-1zeh-5uaq
Aliases: CVE-2019-12469 GHSA-x3fr-w7r5-x7rg |
MediaWiki Incorrect Access Control vulnerability MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 11 other vulnerabilities. Affected by 12 other vulnerabilities. |
|
VCID-brw1-z6vq-hbdc
Aliases: CVE-2019-12472 GHSA-7mqg-5fgh-xh4r |
MediaWiki Incorrect Access Control vulnerability An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 11 other vulnerabilities. Affected by 12 other vulnerabilities. |
|
VCID-ezum-tdjw-mbap
Aliases: CVE-2023-29141 GHSA-5vj8-g3qg-4qh6 |
X-Forwarded-For header allows brute-forcing autoblocked IP addresses An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-h16t-us1p-93ga
Aliases: CVE-2018-0504 GHSA-hr8v-f4g2-p66f |
Mediawiki information disclosure vulnerability Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid |
Affected by 14 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 14 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-jpww-qv6m-m3eg
Aliases: CVE-2019-12467 GHSA-6vfg-8ppv-h5hg |
MediaWiki Incorrect Access Control vulnerability MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 11 other vulnerabilities. Affected by 12 other vulnerabilities. |
|
VCID-ph5q-kshb-bqb7
Aliases: CVE-2020-10959 GHSA-mqhw-wq8p-vf5r |
MediaWiki Open Redirect vulnerability resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.34.0-rc.0 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page. |
Affected by 9 other vulnerabilities. |
|
VCID-ptnd-8zfz-9kh8
Aliases: CVE-2019-12468 GHSA-wrhx-3pxr-6vgg |
Wikimedia MediaWiki Incorrect Access Control vulnerability An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover. |
Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 11 other vulnerabilities. Affected by 12 other vulnerabilities. |
|
VCID-qfs2-4jbr-dba6
Aliases: CVE-2019-12471 GHSA-2rm7-xxx8-35jh |
MediaWiki Cross-site Scripting (XSS) Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 11 other vulnerabilities. |
|
VCID-r4hn-68he-4qec
Aliases: CVE-2019-12474 GHSA-2qrr-c2gh-pr35 |
Wikimedia information leak vulnerability Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 11 other vulnerabilities. Affected by 12 other vulnerabilities. |
|
VCID-rxjs-5p57-wbh1
Aliases: CVE-2023-45363 GHSA-w5fx-cx7f-6vr9 |
MediaWiki Denial of Service vulnerability An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-ydvc-ykey-xugt
Aliases: CVE-2019-12470 GHSA-733q-m38x-q7cc |
Wikimedia MediaWik exposed suppressed log in RevisionDelete page Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 11 other vulnerabilities. Affected by 12 other vulnerabilities. |
|
VCID-yhmg-2d31-63c3
Aliases: CVE-2018-0505 GHSA-5c6w-f4w2-2grp |
multiple issues |
Affected by 14 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 14 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-yvs2-3ks2-pfh4
Aliases: CVE-2019-12466 GHSA-27fw-r78j-h898 |
Wikimedia MediaWiki allows CSRF Wikimedia MediaWiki through 1.32.1 allows CSRF in logout feature. |
Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 11 other vulnerabilities. Affected by 12 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||