CVE-2021-46897

CVE-2021-46897 affects Wagtail CRX CodeRed Extensions (formerly CodeRed CMS/coderedcms) prior to 0.22.3. The vulnerability is a path traversal flaw in views.py that allows upward traversal (..%2f..%2f) when serving protected media, as documented across multiple sources (GitHub issues/PRs and vend...

coderedcms (>=2.0.0 <=2.1.4), puput (=1.2.0) +31 more potentially affected by CVE-2023-45809 via wagtail (>=4.2.4 <=5.0.0rc1)

wagtail PYPI version =4.2.4, =2.0.0, =0.1.0, =0.3.4, =0.0.1, =1.6.0, =0.18.0, =0.19.2 - wagtail-hallo =0.3.0 - wagtail-images-deduplicator =1.0.0a1 and more Source cves: CVE-2023-45809 Source advisory: OSV:PYSEC-2023-219...

coderedcms (>=0.21.0 <=0.22.3), coop (>=2.13.0 <=2.15.0) +15 more potentially affected by CVE-2022-21683 via wagtail (>=2.13.5 <=2.15.0)

wagtail PYPI version =2.13.5, =0.21.0, =2.13.0, =1.0.6, =0.2.2, =0.0.3, =0.1.0, =0.1.5, =1.0.0rc2, =0.9.3, =0.1.1, =1.0.1, =0.13.1, =0.13.2 and more Source cves: CVE-2022-21683 Source advisory: OSV:PYSEC-2022-13...

coderedcms (>=0.18.0 <=0.18.2), coop (>=2.8.0 <=2.8.2) +12 more potentially affected by CVE-2020-15118 via wagtail (>=2.8.0 <=2.8.2)

wagtail PYPI version =2.8.0, =0.18.0, =2.8.0, =0.0.5, =4.1.0, =0.5.0, =1.0.0, =0.22.0, =0.9.8, =3.8.0, =3.9.0 Source cves: CVE-2020-15118 Source advisory: OSV:GHSA-2473-9HGQ-J7XW...

aimmo (>=0.57.1 <=1.3.1b671), cfl-common (>=4.3.0 <=5.26.7) +100 more potentially affected by CVE-2020-11037 via wagtail (>=1.0.0 <=2.6.3)

wagtail PYPI version =1.0.0, =0.57.1, =4.3.0, =2.28.0, =0.5.0, =0.3.1, =0.1.29, =0.2.0, =2.0.3, =0.1.1, =0.2.9, =5.22.3, =0.0.1, =10.1.21 and more Source cves: CVE-2020-11037 Source advisory: OSV:GHSA-JJJR-3JCW-F8V6...

allianceauth (>=2.1.0 <=2.1.1), beanstalk-dispatch (>=0.0.3 <=0.0.5) +214 more potentially affected by CVE-2019-11358 via django (>=2.0.0 <=2.1.8)

django PYPI version =2.0.0, =2.1.0, =0.0.3, =0.1.0, =0.1.0, =0.5.0, =3.0.0, =2.1.0, =0.0.1, =1.1.0, =1.2.1 and more Source cves: CVE-2019-11358 Source advisory: OSV:GHSA-6C3J-C64M-QHGQ...

boorunaut (>=0.1.0 <=0.4.2), cloudxns-ddns-service (=1.0.0) +116 more potentially affected by CVE-2019-6975 via django (>=2.1.0 <=2.1.5)

django PYPI version =2.1.0, =0.1.0, =0.10.0, =2.4.0, =0.3.1, =0.1.6, =0.2.0, =1.3.2, =1.3.3 - django-autoconfig =0.8.0 and more Source cves: CVE-2019-6975 Source advisory: OSV:PYSEC-2019-18...

beanstalk-dispatch (>=0.0.3 <=0.0.5), cklauth (>=0.1.0 <=0.3.0) +132 more potentially affected by CVE-2018-14574 via django (>=2.0.0 <=2.0.7)

django PYPI version =2.0.0, =0.0.3, =0.1.0, =0.5.0, =3.0.0, =2.1.0, =0.0.1, =1.1.0, =0.0.7, =0.1.0, =0.0.2, =1.3.0, =2.0.0, =2.0.2 and more Source cves: CVE-2018-14574 Source advisory: OSV:PYSEC-2018-2...

beanstalk-dispatch (>=0.0.3 <=0.0.5), cklauth (>=0.1.0 <=0.3.0) +120 more potentially affected by CVE-2018-7536 via django (>=2.0.0 <=2.0.2)

django PYPI version =2.0.0, =0.0.3, =0.1.0, =0.5.0, =3.0.0, =2.1.0, =1.1.0, =0.0.7, =0.1.0, =0.0.2, =1.3.0, =2.0.0, =2.0.2 - django-cas-server =1.0.0 and more Source cves: CVE-2018-7536 Source advisory: SNYK:PYTHON-DJANGO-40778...

beanstalk-dispatch (>=0.0.3 <=0.0.5), cklauth (>=0.1.0 <=0.3.0) +120 more potentially affected by CVE-2018-7537 via django (>=2.0.0 <=2.0.2)

django PYPI version =2.0.0, =0.0.3, =0.1.0, =0.5.0, =3.0.0, =2.1.0, =1.1.0, =0.0.7, =0.1.0, =0.0.2, =1.3.0, =2.0.0, =2.0.2 - django-cas-server =1.0.0 and more Source cves: CVE-2018-7537 Source advisory: SNYK:PYTHON-DJANGO-40779...