FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mediawiki -- multiple vulnerabilities

Affected packages
mediawiki135 < 1.35.6
mediawiki136 < 1.36.4
mediawiki137 < 1.37.2

Details

VuXML ID 79ea6066-b40e-11ec-8b93-080027b24e86
Discovery 2021-12-12
Entry 2022-04-04

MediaWiki reports:

(T297543, CVE-2022-28202) Messages widthheight/widthheightpage/nbytes not escaped when used in galleries or Special:RevisionDelete.

(T297571, CVE-2022-28201) Title::newMainPage() goes into an infinite recursion loop if it points to a local interwiki.

(T297731, CVE-2022-28203) Requesting Special:NewFiles on a wiki with many file uploads with actor as a condition can result in a DoS.

(T297754, CVE-2022-28204) Special:WhatLinksHere can result in a DoS when a page is used on an extremely large number of other pages.

References

CVE Name CVE-2022-28201
CVE Name CVE-2022-28202
CVE Name CVE-2022-28203
CVE Name CVE-2022-28204
URL https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/