VulnerableCode Package Details - pkg:composer/mediawiki/core@1.36.2

Search for packages

Vulnerability	Summary	Fixed by
VCID-aus1-t1px-aaar Aliases: CVE-2023-45363 GHSA-w5fx-cx7f-6vr9	An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.	1.39.5 Affected by 0 other vulnerabilities. 1.40.1 Affected by 0 other vulnerabilities.
VCID-vvnj-ee7s-aaaq Aliases: CVE-2023-37302 GHSA-fmrf-p77g-vv5c	An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title attribute).	1.39.4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-aus1-t1px-aaar
Aliases:
CVE-2023-45363
GHSA-w5fx-cx7f-6vr9

An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.

1.39.5
Affected by 0 other vulnerabilities.

1.40.1
Affected by 0 other vulnerabilities.

VCID-vvnj-ee7s-aaaq
Aliases:
CVE-2023-37302
GHSA-fmrf-p77g-vv5c

An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title attribute).

1.39.4
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-ah5y-k5sb-aaap	MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled.	CVE-2021-41800 GHSA-c8wv-qwwc-6j73

Vulnerability

Summary

Aliases

VCID-ah5y-k5sb-aaap

MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled.

CVE-2021-41800
GHSA-c8wv-qwwc-6j73

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-20T16:44:58.005380+00:00	GitLab Importer	Affected by	VCID-aus1-t1px-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-45363.yml	36.1.3
2025-06-20T15:47:31.721704+00:00	GitLab Importer	Fixing	VCID-ah5y-k5sb-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml	36.1.3
2025-06-03T23:23:06.734533+00:00	GitLab Importer	Affected by	VCID-aus1-t1px-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-45363.yml	36.1.0
2025-06-03T22:27:49.376400+00:00	GitLab Importer	Fixing	VCID-ah5y-k5sb-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml	36.1.0
2025-06-02T23:20:30.593013+00:00	GitLab Importer	Affected by	VCID-aus1-t1px-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-45363.yml	36.1.2
2025-06-02T22:16:56.929573+00:00	GitLab Importer	Fixing	VCID-ah5y-k5sb-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml	36.1.2
2025-04-03T21:39:00.331513+00:00	GitLab Importer	Affected by	VCID-aus1-t1px-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-45363.yml	36.0.0
2025-04-03T19:50:35.114800+00:00	GitLab Importer	Fixing	VCID-ah5y-k5sb-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml	36.0.0
2025-02-18T05:57:34.566273+00:00	GitLab Importer	Fixing	VCID-ah5y-k5sb-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml	35.1.0
2025-02-18T03:38:47.206678+00:00	GitLab Importer	Affected by	VCID-aus1-t1px-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-45363.yml	35.1.0
2024-11-21T02:15:00.860387+00:00	GitLab Importer	Fixing	VCID-ah5y-k5sb-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml	35.0.0
2024-11-21T00:58:28.716067+00:00	GitLab Importer	Affected by	VCID-aus1-t1px-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-45363.yml	35.0.0
2024-11-19T02:05:09.145186+00:00	GitLab Importer	Fixing	VCID-ah5y-k5sb-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml	34.3.2
2024-11-19T00:40:02.622611+00:00	GitLab Importer	Affected by	VCID-aus1-t1px-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-45363.yml	34.3.2
2024-11-02T00:20:48.110901+00:00	GHSA Importer	Affected by	VCID-aus1-t1px-aaar	https://github.com/advisories/GHSA-w5fx-cx7f-6vr9	34.0.2
2024-10-15T18:52:38.953257+00:00	GithubOSV Importer	Fixing	VCID-ah5y-k5sb-aaap	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-c8wv-qwwc-6j73/GHSA-c8wv-qwwc-6j73.json	34.0.2
2024-10-08T02:32:40.584251+00:00	GitLab Importer	Fixing	VCID-ah5y-k5sb-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml	34.0.2
2024-10-07T19:51:26.467052+00:00	GHSA Importer	Fixing	VCID-ah5y-k5sb-aaap	https://github.com/advisories/GHSA-c8wv-qwwc-6j73	34.0.2
2024-09-18T09:12:13.548708+00:00	GithubOSV Importer	Fixing	VCID-ah5y-k5sb-aaap	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-c8wv-qwwc-6j73/GHSA-c8wv-qwwc-6j73.json	34.0.1
2024-09-17T22:34:56.316649+00:00	GitLab Importer	Fixing	VCID-ah5y-k5sb-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml	34.0.1
2024-09-17T22:09:25.266605+00:00	GHSA Importer	Fixing	VCID-ah5y-k5sb-aaap	https://github.com/advisories/GHSA-c8wv-qwwc-6j73	34.0.1
2024-04-24T05:03:06.996798+00:00	GitLab Importer	Fixing	VCID-ah5y-k5sb-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml	34.0.0rc4
2024-04-24T00:40:06.902370+00:00	GHSA Importer	Affected by	VCID-vvnj-ee7s-aaaq	None	34.0.0rc4
2024-04-23T23:07:33.038291+00:00	GithubOSV Importer	Fixing	VCID-ah5y-k5sb-aaap	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-c8wv-qwwc-6j73/GHSA-c8wv-qwwc-6j73.json	34.0.0rc4
2024-04-23T22:00:58.149378+00:00	GHSA Importer	Fixing	VCID-ah5y-k5sb-aaap	https://github.com/advisories/GHSA-c8wv-qwwc-6j73	34.0.0rc4
2024-02-02T15:35:38.655905+00:00	GitLab Importer	Fixing	VCID-ah5y-k5sb-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2021-41800.yml	34.0.0rc2
2024-02-01T23:57:58.980805+00:00	GHSA Importer	Fixing	VCID-ah5y-k5sb-aaap	https://github.com/advisories/GHSA-c8wv-qwwc-6j73	34.0.0rc2
2024-01-10T02:43:45.033394+00:00	GHSA Importer	Affected by	VCID-vvnj-ee7s-aaaq	None	34.0.0rc2

2025-06-20T16:44:58.005380+00:00

GitLab Importer

Affected by

VCID-aus1-t1px-aaar

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mediawiki/core/CVE-2023-45363.yml

36.1.3

2025-06-20T15:47:31.721704+00:00

GitLab Importer

Fixing

Next non-vulnerable version	1.39.5
Latest non-vulnerable version	1.40.1
Risk	4.0