Описание
Wagtail CRX CodeRed Extensions vulnerable to Path Traversal
views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-46897
- https://github.com/coderedcorp/coderedcms/issues/448
- https://github.com/coderedcorp/coderedcms/pull/450
- https://github.com/coderedcorp/coderedcms/commit/06006cec23a723bc7d76df75ce2c2d795a447902
- https://github.com/coderedcorp/coderedcms/compare/v0.22.2...v0.22.3
- https://github.com/pypa/advisory-database/tree/main/vulns/coderedcms/PYSEC-2023-210.yaml
Пакеты
Наименование
coderedcms
pip
Затронутые версииВерсия исправления
< 0.22.3
0.22.3
Связанные уязвимости
CVSS3: 6.5
nvd
больше 2 лет назад
views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media.