CVE-2021-46897 Information

Description

views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media.

Reference

https://github.com/coderedcorp/coderedcms/issues/448 https://github.com/coderedcorp/coderedcms/pull/450 https://github.com/coderedcorp/coderedcms/compare/v0.22.2…v0.22.3