{"id":"PYSEC-2023-210","details":"views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media.","aliases":["CVE-2021-46897","GHSA-h454-rq3m-89rc"],"modified":"2023-11-01T04:57:00.528905Z","published":"2023-10-22T19:15:00Z","references":[{"type":"REPORT","url":"https://github.com/coderedcorp/coderedcms/issues/448"},{"type":"WEB","url":"https://github.com/coderedcorp/coderedcms/pull/450"},{"type":"WEB","url":"https://github.com/coderedcorp/coderedcms/compare/v0.22.2...v0.22.3"}],"affected":[{"package":{"name":"coderedcms","ecosystem":"PyPI","purl":"pkg:pypi/coderedcms"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.22.3"}]}],"versions":["0.10.0","0.11.0","0.12.0","0.12.1","0.13.0","0.13.1","0.13.2","0.13.3","0.14.0","0.14.1","0.15.0","0.15.1","0.15.2","0.16.0","0.16.1","0.16.2","0.16.3","0.17.0","0.18.0","0.18.1","0.18.2","0.19.0","0.19.0rc1","0.19.1","0.20.0","0.21.0","0.21.1","0.22.0","0.22.1","0.22.2","0.5.0","0.5.1","0.6.0","0.7.0","0.7.1","0.8.0","0.9.0","0.9.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/coderedcms/PYSEC-2023-210.yaml"}}],"schema_version":"1.7.3"}