Lucene search

MitreVULNRICHMENT:CVE-2021-46897

HistoryOct 22, 2023 - 12:00 a.m.

CVE-2021-46897

2023-10-2200:00:00

mitre

github.com

wagtail crx

codered extensions

path traversal

media vulnerability

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

32.4%

SSVC

Exploitation

poc

Automatable

Technical Impact

partial

JSON

views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/…%2f…%2f path traversal when serving protected media.

References

github.com/coderedcorp/coderedcms/compare/v0.22.2...v0.22.3

github.com/coderedcorp/coderedcms/issues/448

github.com/coderedcorp/coderedcms/pull/450