Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS01dmo4LWczcWctNHFoNs4AAyfO

Critical EPSS: 0.0018% (0.39987 Percentile) EPSS:
Permalink JSON

X-Forwarded-For header allows brute-forcing autoblocked IP addresses

Affected Packages Affected Versions Fixed Versions
packagist:mediawiki/core < 1.35.10, >= 1.38.0, < 1.38.6, >= 1.39.0, < 1.39.3 1.35.10, 1.38.6, 1.39.3
4 Dependent packages
10 Dependent repositories
3,404 Downloads total

Affected Version Ranges

All affected versions

1.20.3, 1.20.4, 1.20.5, 1.20.6, 1.20.7, 1.20.8, 1.21.0, 1.21.1, 1.21.2, 1.21.3, 1.21.4, 1.21.5, 1.21.6, 1.21.7, 1.21.8, 1.21.9, 1.21.10, 1.21.11, 1.22.0rc0, 1.24.0, 1.24.0-rc.0, 1.24.0-rc.1, 1.24.0-rc.2, 1.24.0-rc.3, 1.24.1, 1.24.2, 1.24.3, 1.24.4, 1.24.5, 1.24.6, 1.25.0, 1.25.0-rc.0, 1.25.1, 1.25.2, 1.25.3, 1.25.4, 1.25.5, 1.25.6, 1.26.0, 1.26.1, 1.26.2, 1.26.3, 1.26.4, 1.27.0, 1.27.0-rc.0, 1.27.0-rc.1, 1.27.1, 1.27.2, 1.27.3, 1.27.4, 1.27.5, 1.27.6, 1.27.7, 1.28.0, 1.28.0-rc.0, 1.28.0-rc.1, 1.28.1, 1.28.2, 1.28.3, 1.29.0, 1.29.0-rc.0, 1.29.0-rc.1, 1.29.1, 1.29.2, 1.29.3, 1.30.0, 1.30.0-rc.0, 1.30.1, 1.30.2, 1.31.0, 1.31.0-rc.0, 1.31.0-rc.1, 1.31.0-rc.2, 1.31.1, 1.31.2, 1.31.3, 1.31.4, 1.31.5, 1.31.6, 1.31.7, 1.31.8, 1.31.9, 1.31.10, 1.31.11, 1.31.12, 1.31.13, 1.31.14, 1.31.15, 1.31.16, 1.32.0, 1.32.0-rc.0, 1.32.0-rc.1, 1.32.0-rc.2, 1.32.1, 1.32.2, 1.32.3, 1.32.4, 1.32.5, 1.32.6, 1.33.0, 1.33.0-rc.0, 1.33.1, 1.33.2, 1.33.3, 1.33.4, 1.34.0, 1.34.0-rc.0, 1.34.0-rc.1, 1.34.1, 1.34.2, 1.34.3, 1.34.4, 1.35.0, 1.35.0-rc.0, 1.35.0-rc.1, 1.35.0-rc.2, 1.35.0-rc.3, 1.35.1, 1.35.2, 1.35.3, 1.35.4, 1.35.5, 1.35.6, 1.35.7, 1.35.8, 1.35.9, 1.38.0, 1.38.0-rc.0, 1.38.0-rc.1, 1.38.1, 1.38.2, 1.38.3, 1.38.4, 1.38.5, 1.39.0, 1.39.0-rc.0, 1.39.0-rc.1, 1.39.1, 1.39.2

All unaffected versions

1.35.10, 1.35.11, 1.35.12, 1.35.13, 1.35.14, 1.36.0, 1.36.1, 1.36.2, 1.36.3, 1.36.4, 1.37.0, 1.37.1, 1.37.2, 1.37.3, 1.37.4, 1.37.5, 1.37.6, 1.38.6, 1.38.7, 1.39.3, 1.39.4, 1.39.5, 1.39.6, 1.39.7, 1.39.8, 1.39.9, 1.39.10, 1.39.11, 1.39.12, 1.39.13, 1.40.0, 1.40.1, 1.40.2, 1.40.3, 1.40.4, 1.41.0, 1.41.1, 1.41.2, 1.41.3, 1.41.4, 1.41.5, 1.42.0, 1.42.1, 1.42.2, 1.42.3, 1.42.4, 1.42.5, 1.42.6, 1.42.7, 1.43.0, 1.43.1, 1.43.2, 1.43.3, 1.44.0

An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.

References:

Identifiers

GHSA-5vj8-g3qg-4qh6

CVE-2023-29141

Risk

Severity

Critical

EPSS

EPSS Percentage: 0.0018

EPSS Percentile: 0.39987

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Date and time

Published

over 2 years ago

Updated

9 months ago

API

JSON