mediawiki -- multiple vulnerabilities

Affected packages
mediawiki135 < 1.35.10
mediawiki138 < 1.38.6
mediawiki139 < 1.39.3


VuXML ID 466ba8bd-d033-11ed-addf-080027eda32c
Discovery 2020-04-02
Entry 2023-04-01

MediaWiki reports:

(T285159, CVE-2023-PENDING) SECURITY: X-Forwarded-For header allows brute-forcing autoblocked IP addresses.

(T326946, CVE-2020-36649) SECURITY: Bundled PapaParse copy in VisualEditor has known ReDos.

(T330086, CVE-2023-PENDING) SECURITY: OATHAuth allows replay attacks when MediaWiki is configured without ObjectCache; Insecure Default Configuration.


CVE Name CVE-2020-36649