Security Advisories - mediawiki/core - Packagist

mediawiki/core Security Advisories for 1.29.0 (4)

[MEDIUM] MediaWiki allows a denial of service

PKSA-qcmj-k84v-rjky CVE-2021-41800 GHSA-c8wv-qwwc-6j73

Affected version: <1.36.2

Reported by:
GitHub
$wgRateLimits (rate limit / ping limiter) entry for 'user' overrides that for 'newbie'

PKSA-zbzt-cmt6-4sc8 CVE-2018-0503

Affected version: >=1.27.0,<1.27.5|>=1.29.0,<1.29.3|>=1.30.0,<1.30.1|>=1.31.0,<1.31.1

Reported by:
FriendsOfPHP/security-advisories
BotPassword can bypass CentralAuth's account lock

PKSA-rr5m-4z44-9fg2 CVE-2018-0505

Affected version: >=1.27.0,<1.27.5|>=1.29.0,<1.29.3|>=1.30.0,<1.30.1|>=1.31.0,<1.31.1

Reported by:
FriendsOfPHP/security-advisories
When a log event is (partially) hidden Special:Redirect/logid can link to the incorrect log and reveal hidden information

PKSA-63nj-9fx8-gscb CVE-2018-0504

Affected version: >=1.27.0,<1.27.5|>=1.29.0,<1.29.3|>=1.30.0,<1.30.1|>=1.31.0,<1.31.1

Reported by:
FriendsOfPHP/security-advisories