FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mediawiki -- multiple vulnerabilities

Affected packages
mediawiki135 < 1.35.10
mediawiki138 < 1.38.6
mediawiki139 < 1.39.3

Details

VuXML ID 466ba8bd-d033-11ed-addf-080027eda32c
Discovery 2020-04-02
Entry 2023-04-01

MediaWiki reports:

(T285159, CVE-2023-PENDING) SECURITY: X-Forwarded-For header allows brute-forcing autoblocked IP addresses.

(T326946, CVE-2020-36649) SECURITY: Bundled PapaParse copy in VisualEditor has known ReDos.

(T330086, CVE-2023-PENDING) SECURITY: OATHAuth allows replay attacks when MediaWiki is configured without ObjectCache; Insecure Default Configuration.

References

CVE Name CVE-2020-36649
URL https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/6UQBHI5FWLATD7QO7DI4YS54U7XSSLAN/