[FREEBSD:5AB54EA0-FA94-11EC-996C-080027B24E86] mediawiki -- multiple vulnerabilities

Severity High

Affected Packages 3

CVEs 2

Mediawiki reports:

  (T308471) Username is not escaped in the "welcomeuser" message.
  (T308473) Username not escaped in the contributions-title message.
  (T309377, CVE-2022-29248) Update "guzzlehttp/guzzle" to version 6.5.6.
  (T311384, CVE-2022-27776) Update "guzzlehttp/guzzle" to 6.5.8/7.4.5.

Package	Affected Version
pkg:freebsd/mediawiki138	< 1.38.2
pkg:freebsd/mediawiki137	< 1.37.3
pkg:freebsd/mediawiki135	< 1.35.7

ID

FREEBSD:5AB54EA0-FA94-11EC-996C-080027B24E86

Severity

high

Severity from

CVE-2022-29248

URL

http://vuxml.freebsd.org/freebsd/5ab54ea0-fa94-11ec-996c-080027b24e86.html

Published

2022-05-16T00:00:00
(2 years ago)

Modified

2022-07-03T00:00:00
(2 years ago)

Rights

FreeBSD VuXML Security Team

Other Advisories

Source	# ID	Name	URL
FreeBSD VuXML			https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/PIPYDRSHXOYW5DB7X755QDNUV5EZWPWB/

Type	Package URL	Name / Product	Version
Affected	pkg:freebsd/mediawiki138	mediawiki138	< 1.38.2
Affected	pkg:freebsd/mediawiki137	mediawiki137	< 1.37.3
Affected	pkg:freebsd/mediawiki135	mediawiki135	< 1.35.7

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date