6 matches found
cjkcms-seo (=2.4.0), wagtail-liveedit (>=0.0.9 <=0.0.10) +7 more potentially affected by CVE-2024-35228 via wagtail (>=6.0.0 <=6.0.2)
wagtail PYPI version =6.0.0, =0.0.9, =0.14.0, =0.6.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2024-35228 Source advisory: OSV:GHSA-XXFM-VMCF-G33F...
django-cast (=0.2.33), wagtail-liveedit (=0.0.11) potentially affected by CVE-2024-35228 via wagtail (>=6.1.0 <=6.1.0rc2)
wagtail PYPI version =6.1.0, =6.1.0rc2 is affected by a known vulnerability. The following packages have a transitive dependency on wagtail and may be impacted: - django-cast =0.2.33 - wagtail-liveedit =0.0.11 Source cves: CVE-2024-35228 Source advisory: OSV:GHSA-XXFM-VMCF-G33F...
CVE-2024-35228 Improper Handling of Insufficient Permissions in Wagtail
Wagtail is an open source content management system built on Django. Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, eve...
CVE-2024-35228
CVE-2024-35228 affects Wagtail (Django-based CMS) via an improperly applied permission check in the wagtail.contrib.settings module. A user with access to the Wagtail admin and knowledge of the edit view URL can access and update the setting even without model permissions. The vulnerability is no...
CVE-2024-35228 Improper Handling of Insufficient Permissions in Wagtail
Wagtail is an open source content management system built on Django. Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, eve...
CVE-2024-35228 Improper Handling of Insufficient Permissions in Wagtail
Wagtail is an open source content management system built on Django. Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, eve...