CVE-2022-41767 An issue was found in MediaWiki before 1.35.8, 1.36.x, 1.37.x, and 1.38.x before 1.38.3.
This results in the editing history of the IP address being displayed in the article. This issue has been addressed by reassigning the edits to
CVE-2021-44856 An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1
This allows for bypassing the blacklist and allowing the blocked title to be edited via Special:ChangeContentModel . Therefore it is recommended to upgrade to the
CVE-2021-38561 The index calculation of golang.org/x/text before 0.3.7 is mishandled, causing an out-of-bounds read in BCP 47 tag parsing.
For more information, see the fixes for golang.org/issue/11641 and golang.org/issue/16111. You are likely to be at risk if you:
CVE-2021-44855 An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1