[FREEBSD:5AB54EA0-FA94-11EC-996C-080027B24E86] mediawiki -- multiple vulnerabilities
Severity
High
Affected Packages
3
CVEs
2
Mediawiki reports:
(T308471) Username is not escaped in the "welcomeuser" message.
(T308473) Username not escaped in the contributions-title message.
(T309377, CVE-2022-29248) Update "guzzlehttp/guzzle" to version 6.5.6.
(T311384, CVE-2022-27776) Update "guzzlehttp/guzzle" to 6.5.8/7.4.5.
Package | Affected Version |
---|---|
pkg:freebsd/mediawiki138 | < 1.38.2 |
pkg:freebsd/mediawiki137 | < 1.37.3 |
pkg:freebsd/mediawiki135 | < 1.35.7 |
- ID
- FREEBSD:5AB54EA0-FA94-11EC-996C-080027B24E86
- Severity
- high
- Severity from
- CVE-2022-29248
- URL
- http://vuxml.freebsd.org/freebsd/5ab54ea0-fa94-11ec-996c-080027b24e86.html
- Published
-
2022-05-16T00:00:00
(2 years ago) - Modified
-
2022-07-03T00:00:00
(2 years ago) - Rights
- FreeBSD VuXML Security Team
- Other Advisories
-
- ALAS-2022-1646
- ALAS2-2022-1792
- ALPINE:CVE-2022-27776
- ALSA-2022:5313
- CURL-CVE-2022-27776
- DSA-5197-1
- DSA-5246-1
- ELSA-2022-5245
- ELSA-2022-5313
- FEDORA-2022-3517572083
- FEDORA-2022-3d8f00cde2
- FEDORA-2022-8277bef335
- FEDORA-2022-bca2c95559
- FEDORA-2022-f83aec6d57
- FREEBSD:92A4D881-C6CF-11EC-A06F-D4C9EF517024
- GLSA-202212-01
- MS:CVE-2022-27776
- PHP:GUZZLEHTTP-GUZZLE-2022-29248
- RHSA-2022:5245
- RHSA-2022:5313
- RLSA-2022:5313
- SSA:2022-117-01
- SUSE-SU-2022:1657-1
- SUSE-SU-2022:1680-1
- USN-5397-1
Source | # ID | Name | URL |
---|---|---|---|
FreeBSD VuXML | https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/PIPYDRSHXOYW5DB7X755QDNUV5EZWPWB/ |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:freebsd/mediawiki138 | mediawiki138 | < 1.38.2 | ||||
Affected | pkg:freebsd/mediawiki137 | mediawiki137 | < 1.37.3 | ||||
Affected | pkg:freebsd/mediawiki135 | mediawiki135 | < 1.35.7 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |