Django REST framework
Api Root
Package List
Package Instance
Format
json
api
admin
Package Instance
Lookup for vulnerable packages by Package URL.
Purl
pkg:pypi/coderedcms@0.18.1
Type
pypi
Namespace
Name
coderedcms
Version
0.18.1
Qualifiers
Subpath
Is_vulnerable
true
Next_non_vulnerable_version
0.22.3
Latest_non_vulnerable_version
0.22.3
Affected_by_vulnerabilities
0
url
VCID-yx6s-n66a-j3g6
vulnerability_id
VCID-yx6s-n66a-j3g6
summary
views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media.
references
0
reference_url
https://github.com/coderedcorp/coderedcms/commit/06006cec23a723bc7d76df75ce2c2d795a447902
reference_id
reference_type
scores
url
https://github.com/coderedcorp/coderedcms/commit/06006cec23a723bc7d76df75ce2c2d795a447902
1
reference_url
https://github.com/coderedcorp/coderedcms/compare/v0.22.2...v0.22.3
reference_id
reference_type
scores
url
https://github.com/coderedcorp/coderedcms/compare/v0.22.2...v0.22.3
2
reference_url
https://github.com/coderedcorp/coderedcms/issues/448
reference_id
reference_type
scores
url
https://github.com/coderedcorp/coderedcms/issues/448
3
reference_url
https://github.com/coderedcorp/coderedcms/pull/450
reference_id
reference_type
scores
url
https://github.com/coderedcorp/coderedcms/pull/450
4
reference_url
https://github.com/pypa/advisory-database/tree/main/vulns/coderedcms/PYSEC-2023-210.yaml
reference_id
reference_type
scores
url
https://github.com/pypa/advisory-database/tree/main/vulns/coderedcms/PYSEC-2023-210.yaml
5
reference_url
https://nvd.nist.gov/vuln/detail/CVE-2021-46897
reference_id
CVE-2021-46897
reference_type
scores
url
https://nvd.nist.gov/vuln/detail/CVE-2021-46897
6
reference_url
https://github.com/advisories/GHSA-h454-rq3m-89rc
reference_id
GHSA-h454-rq3m-89rc
reference_type
scores
url
https://github.com/advisories/GHSA-h454-rq3m-89rc
fixed_packages
0
url
pkg:pypi/coderedcms@0.22.3
purl
pkg:pypi/coderedcms@0.22.3
is_vulnerable
false
affected_by_vulnerabilities
resource_url
http://public2.vulnerablecode.io/packages/pkg:pypi/coderedcms@0.22.3
aliases
CVE-2021-46897, GHSA-h454-rq3m-89rc, PYSEC-2023-210
risk_score
null
exploitability
null
weighted_severity
null
resource_url
http://public2.vulnerablecode.io/vulnerabilities/VCID-yx6s-n66a-j3g6
Fixing_vulnerabilities
Risk_score
null
Resource_url
http://public2.vulnerablecode.io/packages/pkg:pypi/coderedcms@0.18.1
×
Create
None
×
Edit
None