FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mediawiki -- multiple vulnerabilities

Affected packages
mediawiki135 < 1.35.6
mediawiki136 < 1.36.4
mediawiki137 < 1.37.2


VuXML ID 79ea6066-b40e-11ec-8b93-080027b24e86
Discovery 2021-12-12
Entry 2022-04-04

Mediawiki reports:

(T297543, CVE-2022-28202) Messages widthheight/widthheightpage/nbytes not escaped when used in galleries or Special:RevisionDelete.

(T297571, CVE-2022-28201) Title::newMainPage() goes into an infinite recursion loop if it points to a local interwiki.

(T297731, CVE-2022-28203) Requesting Special:NewFiles on a wiki with many file uploads with actor as a condition can result in a DoS.

(T297754, CVE-2022-28204) Special:WhatLinksHere can result in a DoS when a page is used on a extremely large number of other pages.


CVE Name CVE-2022-28201
CVE Name CVE-2022-28202
CVE Name CVE-2022-28203
CVE Name CVE-2022-28204