exploitDog

CVE-2021-46897

Опубликовано: 22 окт. 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media.

Ссылки

https://github.com/coderedcorp/coderedcms/compare/v0.22.2...v0.22.3
Patch
https://github.com/coderedcorp/coderedcms/issues/448
Exploit
Issue Tracking
https://github.com/coderedcorp/coderedcms/pull/450
Third Party Advisory
https://github.com/coderedcorp/coderedcms/compare/v0.22.2...v0.22.3
Patch
https://github.com/coderedcorp/coderedcms/issues/448
Exploit
Issue Tracking
https://github.com/coderedcorp/coderedcms/pull/450
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wagtailcrx:codered_extensions:*:*:*:*:*:*:*:*

Версия до 0.22.3 (исключая)

EPSS

Процентиль: 28%

0.00101

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-h454-rq3m-89rc

CVSS3: 6.5

github

больше 2 лет назад

Wagtail CRX CodeRed Extensions vulnerable to Path Traversal

EPSS

Процентиль: 28%

0.00101

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-22