[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2019-0279":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":34,"duplicates":35,"related":36,"reserved_at":9,"published_at":47,"modified_at":48,"state":9,"summary":49,"references_raw":51,"kevs":76,"epss":9,"epss_history":77,"metrics":78,"affected":79},"MGASA-2019-0279","Updated mediawiki packages fix security vulnerabilities\n\nUpdated mediawiki packages fix security vulnerabilities:\n\nPotential XSS in jQuery (CVE-2019-11358).\n\nAn account can be logged out without using a token (CSRF) (CVE-2019-12466).\n\nA spammer can use Special:ChangeEmail to send out spam with no rate limiting\nor ability to block them (CVE-2019-12467).\n\nDirectly POSTing to Special:ChangeEmail would allow for bypassing\nreauthentication, allowing for potential account takeover (CVE-2019-12468).\n\nExposed suppressed username or log in Special:EditTags (CVE-2019-12469).\n\nExposed suppressed log in RevisionDelete page (CVE-2019-12470).\n\nLoading user JavaScript from a non-existent account allows anyone to create\nthe account, and XSS the users' loading that script (CVE-2019-12471).\n\nIt is possible to bypass the limits on IP range blocks (`$wgBlockCIDRLimit`)\nby using the API (CVE-2019-12472).\n\nPassing invalid titles to the API could cause a DoS by querying the entire\n`watchlist` table (CVE-2019-12473).\n\nPrivileged API responses that include whether a recent change has been\npatrolled may be cached publicly (CVE-2019-12474).\n\nThe mediawiki package has been updated to version 1.27.6 (Mageia 6) and 1.31.2\n(Mageia 7), fixing these issues and other bugs.  See the release announcements\nfor more details.\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32],{"_key":15},"CVE-2019-11358",{"_key":17},"CVE-2019-12466",{"_key":19},"CVE-2019-12467",{"_key":21},"CVE-2019-12468",{"_key":23},"CVE-2019-12469",{"_key":25},"CVE-2019-12470",{"_key":27},"CVE-2019-12471",{"_key":29},"CVE-2019-12472",{"_key":31},"CVE-2019-12473",{"_key":33},"CVE-2019-12474",[],[],[37,38,39,40,41,42,43,44,45,46],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},"2019-09-15T14:45:31Z","2026-04-16T04:26:18.159634Z",{"cisa_kev":50,"cisa_ransomware":50,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[52,58,63,68,72],{"url":53,"sources":54,"tags":56},"https://advisories.mageia.org/MGASA-2019-0279.html",[55],"osv_mageia",[57],"Advisory",{"url":59,"sources":60,"tags":61},"https://bugs.mageia.org/show_bug.cgi?id=25273",[55],[62],"REPORT",{"url":64,"sources":65,"tags":66},"https://lists.wikimedia.org/pipermail/mediawiki-announce/2019-June/000230.html",[55],[62,67],"WEB",{"url":69,"sources":70,"tags":71},"https://lists.wikimedia.org/pipermail/mediawiki-announce/2019-June/000232.html",[55],[62,67],{"url":73,"sources":74,"tags":75},"https://lists.wikimedia.org/pipermail/mediawiki-announce/2019-July/000234.html",[55],[62,67],[],[],[],[80,92],{"ecosystem":81,"name":82,"vendor":83,"product":82,"cpe_part":9,"purl_type":84,"purl_namespace":83,"purl_name":82,"source":9,"versions":85},"Mageia","mediawiki","mageia","rpm",[86],{"version":87,"is_range":88,"range_type":89,"version_start":9,"version_start_type":9,"version_end":90,"version_end_type":91,"fixed_in":9},"lt1_27_7_1_mga6",true,"ecosystem","1.27.7-1.mga6","excluding",{"ecosystem":81,"name":82,"vendor":83,"product":82,"cpe_part":9,"purl_type":84,"purl_namespace":83,"purl_name":82,"source":9,"versions":93},[94],{"version":95,"is_range":88,"range_type":89,"version_start":9,"version_start_type":9,"version_end":96,"version_end_type":91,"fixed_in":9},"lt1_31_3_1_mga7","1.31.3-1.mga7"]