Headline
GHSA-h454-rq3m-89rc: Wagtail CRX CodeRed Extensions vulnerable to Path Traversal
views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/…%2f…%2f path traversal when serving protected media.
Wagtail CRX CodeRed Extensions vulnerable to Path Traversal
Moderate severity GitHub Reviewed Published Oct 22, 2023 to the GitHub Advisory Database • Updated Oct 24, 2023
Related news
CVE-2021-46897: (security) An login user can access local files on coderedcms server · Issue #448 · coderedcorp/coderedcms
views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media.