mediawiki/core Security Advisories for 1.21.4 (5)
-
[HIGH] MediaWiki Denial of Service vulnerability
PKSA-wzph-c8jf-dsw9 CVE-2023-45363 GHSA-w5fx-cx7f-6vr9
Affected version: =1.40.0|>=1.36.0,<1.39.5|<1.35.12
Reported by:
GitHub -
[CRITICAL] X-Forwarded-For header allows brute-forcing autoblocked IP addresses
PKSA-sywz-vkhh-67ff CVE-2023-29141 GHSA-5vj8-g3qg-4qh6
Affected version: <1.35.10|>=1.38.0,<1.38.6|>=1.39.0,<1.39.3
Reported by:
GitHub -
[MEDIUM] MediaWiki allows a denial of service
PKSA-qcmj-k84v-rjky CVE-2021-41800 GHSA-c8wv-qwwc-6j73
Affected version: <1.36.2
Reported by:
GitHub -
[MEDIUM] img_auth.php may leak private extension images into the public cache
PKSA-ddy8-wbbj-hqfh CVE-2020-15005 GHSA-xpv7-93cm-4mxv
Affected version: >=1.34.0,<1.34.2|>=1.32.0,<1.33.4|<1.31.8
Reported by:
GitHub -
[MEDIUM] Cross-site scripting vulnerability in includes/actions/InfoAction.php
PKSA-49wy-8gk2-shd7 CVE-2014-2853 GHSA-6h86-9r5g-f2h5
Affected version: >=1.22.0,<1.22.6|<1.21.9
Reported by:
GitHub