10 matches found
django-mdeditor is Missing Authentication for Critical Function
All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint lacks authentication protection and proper sanitisation of file...
GHSA-QP2C-XQV6-PHH6 django-mdeditor is Missing Authentication for Critical Function
All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint lacks authentication protection and proper sanitisation of file...
unicef-hope-aurora (>=1.7.0.dev639 <=1.7.0rc1) potentially affected by CVE-2025-13030 via django-mdeditor (=0.1.20)
django-mdeditor PYPI version =0.1.20 is affected by a known vulnerability. The following packages have a transitive dependency on django-mdeditor and may be impacted: - unicef-hope-aurora =1.7.0.dev639, =1.7.0rc1 Source cves: CVE-2025-13030 Source advisory: OSV:GHSA-QP2C-XQV6-PHH6...
CVE-2025-13030
All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint lacks authentication protection and proper sanitisation of file...
CVE-2025-13030
CVE-2025-13030 affects the django-mdeditor package. All versions are vulnerable to Missing Authentication for Critical Function in the image upload endpoint, allowing an attacker to upload malicious files and achieve arbitrary code execution due to lack of authentication and improper sanitisation...
EUVD-2025-209593
All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint lacks authentication protection and proper sanitisation of file...
CVE-2025-13030
All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint lacks authentication protection and proper sanitisation of file...
django-mdeditor 访问控制错误漏洞
django-mdeditor is an Editor.md-based Django Markdown editor plugin developed by DeanWu. django-mdeditor has a access control vulnerability, which stems from the lack of key functionality for authentication at the image upload endpoint. This vulnerability allows attackers to upload malicious file...
PT-2026-36039
Name of the Vulnerable Software and Affected Versions django-mdeditor affected versions not specified Description The image upload endpoint lacks authentication protection and proper sanitization of file names. This allows an attacker to upload malicious files and achieve arbitrary code execution...
unicef-hope-aurora (>=1.7.0.dev639 <=1.7.0rc1) potentially affected by CVE-2025-13030 via django-mdeditor (=0.1.20)
django-mdeditor PYPI version =0.1.20 is affected by a known vulnerability. The following packages have a transitive dependency on django-mdeditor and may be impacted: - unicef-hope-aurora =1.7.0.dev639, =1.7.0rc1 Source cves: CVE-2025-13030 Source advisory: SNYK:PYTHON-DJANGOMDEDITOR-8630926...