Medium severity6.5NVD Advisory· Published Oct 22, 2023· Updated Jun 17, 2026
CVE-2021-46897
CVE-2021-46897
Description
views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
coderedcmsPyPI | < 0.22.3 | 0.22.3 |
Affected products
2- Wagtail/CRX CodeRed Extensionsdescription
Patches
Vulnerability mechanics
References
7- github.com/coderedcorp/coderedcms/compare/v0.22.2...v0.22.3nvdPatchWEB
- github.com/coderedcorp/coderedcms/issues/448nvdExploitIssue TrackingWEB
- github.com/advisories/GHSA-h454-rq3m-89rcghsaADVISORY
- github.com/coderedcorp/coderedcms/pull/450nvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2021-46897ghsaADVISORY
- github.com/coderedcorp/coderedcms/commit/06006cec23a723bc7d76df75ce2c2d795a447902ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/coderedcms/PYSEC-2023-210.yamlghsaWEB
News mentions
0No linked articles in our index yet.