CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-46897

views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 35.0%

CVSS Severity

CVSS v3 Score 6.5

References

https://github.com/coderedcorp/coderedcms/compare/v0.22.2...v0.22.3
https://github.com/coderedcorp/coderedcms/issues/448
https://github.com/coderedcorp/coderedcms/pull/450
https://github.com/coderedcorp/coderedcms/compare/v0.22.2...v0.22.3
https://github.com/coderedcorp/coderedcms/issues/448
https://github.com/coderedcorp/coderedcms/pull/450

Products affected by CVE-2021-46897

Wagtailcrx » Codered Extensions » Version: Any

cpe:2.3:a:wagtailcrx:codered_extensions:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-46897

Products

Pricing

Contact Us