PYSEC-2023-210

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/coderedcms/PYSEC-2023-210.yaml
JSON Data
https://api.test.osv.dev/v1/vulns/PYSEC-2023-210
Aliases
Published
2023-10-22T19:15:00Z
Modified
2023-11-01T04:57:00.528905Z
Summary
[none]
Details

views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media.

References

Affected packages

PyPI / coderedcms

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.22.3

Affected versions

0.*

0.5.0
0.5.1
0.6.0
0.7.0
0.7.1
0.8.0
0.9.0
0.9.1
0.10.0
0.11.0
0.12.0
0.12.1
0.13.0
0.13.1
0.13.2
0.13.3
0.14.0
0.14.1
0.15.0
0.15.1
0.15.2
0.16.0
0.16.1
0.16.2
0.16.3
0.17.0
0.18.0
0.18.1
0.18.2
0.19.0rc1
0.19.0
0.19.1
0.20.0
0.21.0
0.21.1
0.22.0
0.22.1
0.22.2