CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
32.4%
views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/…%2f…%2f path traversal when serving protected media.
Vendor | Product | Version | CPE |
---|---|---|---|
* | coderedcms | * | cpe:2.3:a:*:coderedcms:*:*:*:*:*:*:*:* |
github.com/advisories/GHSA-h454-rq3m-89rc
github.com/coderedcorp/coderedcms/commit/06006cec23a723bc7d76df75ce2c2d795a447902
github.com/coderedcorp/coderedcms/compare/v0.22.2...v0.22.3
github.com/coderedcorp/coderedcms/issues/448
github.com/coderedcorp/coderedcms/pull/450
github.com/pypa/advisory-database/tree/main/vulns/coderedcms/PYSEC-2023-210.yaml
nvd.nist.gov/vuln/detail/CVE-2021-46897