mediawiki/core Security Advisories for 1.29.0 (5)
-
[HIGH] MediaWiki Denial of Service vulnerability
PKSA-wzph-c8jf-dsw9 CVE-2023-45363 GHSA-w5fx-cx7f-6vr9
Affected version: =1.40.0|>=1.36.0,<1.39.5|<1.35.12
Reported by:
GitHub -
[MEDIUM] MediaWiki allows a denial of service
PKSA-qcmj-k84v-rjky CVE-2021-41800 GHSA-c8wv-qwwc-6j73
Affected version: <1.36.2
Reported by:
GitHub -
[MEDIUM] $wgRateLimits (rate limit / ping limiter) entry for 'user' overrides that for 'newbie'
PKSA-zbzt-cmt6-4sc8 CVE-2018-0503 GHSA-mhfv-9h99-jwg7
Affected version: >=1.27.0,<1.27.5|>=1.29.0,<1.29.3|>=1.30.0,<1.30.1|>=1.31.0,<1.31.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] BotPassword can bypass CentralAuth's account lock
PKSA-rr5m-4z44-9fg2 CVE-2018-0505 GHSA-5c6w-f4w2-2grp
Affected version: >=1.27.0,<1.27.5|>=1.29.0,<1.29.3|>=1.30.0,<1.30.1|>=1.31.0,<1.31.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] When a log event is (partially) hidden Special:Redirect/logid can link to the incorrect log and reveal hidden information
PKSA-63nj-9fx8-gscb CVE-2018-0504 GHSA-hr8v-f4g2-p66f
Affected version: >=1.27.0,<1.27.5|>=1.29.0,<1.29.3|>=1.30.0,<1.30.1|>=1.31.0,<1.31.1
Reported by:
GitHub, FriendsOfPHP/security-advisories