6 results (0.003 seconds)

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2024-39317 – Wagtail regular expression denial-of-service via search query parsing

https://notcve.org/view.php?id=CVE-2024-39317

Wagtail is an open source content management system built on Django. A bug in Wagtail's `parse_query_string` would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, `parse_query_string` would take an unexpectedly large amount of time to process, resulting in a denial of service. In an initial Wagtail installation, the vulnerability can be exploited by any Wagtail admin user. It cannot be exploited by end users. • https://github.com/wagtail/wagtail/commit/31b1e8532dfb1b70d8d37d22aff9cbde9109cdf2 https://github.com/wagtail/wagtail/commit/3c941136f79c48446e3858df46e5b668d7f83797 https://github.com/wagtail/wagtail/commit/b783c096b6d4fd2cfc05f9137a0be288850e99a2 https://github.com/wagtail/wagtail/security/advisories/GHSA-jmp3-39vp-fwg8 • CWE-1333: Inefficient Regular Expression Complexity •

CVSS: 2.7EPSS: 0%CPEs: 3EXPL: 0

CVE-2023-45809 – Disclosure of user names via admin bulk action views in wagtail

https://notcve.org/view.php?id=CVE-2023-45809

Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any changes, the error message discloses the display names of user accounts, and by modifying URL parameters, the user can retrieve the display name for any user. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 4.1.8 (LTS), 5.0.5 and 5.1.3. • https://github.com/wagtail/wagtail/commit/bc96aed6ac53f998b2f4c4bf97e2d4f5fe337e5b https://github.com/wagtail/wagtail/security/advisories/GHSA-fc75-58r8-rm3h • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-425: Direct Request ('Forced Browsing') CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0

CVE-2023-28837 – Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files

https://notcve.org/view.php?id=CVE-2023-28837

Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2.2, a memory exhaustion bug exists in Wagtail's handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional processing. A user with access to upload images or documents through the Wagtail admin interface could upload a file so large that it results in a crash of denial of service. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. It can only be exploited by admin users with permission to upload images or documents. Image uploads are restricted to 10MB by default, however this validation only happens on the frontend and on the backend after the vulnerable code. Patched versions have been released as Wagtail 4.1.4 and Wagtail 4.2.2). • https://docs.wagtail.org/en/stable/reference/settings.html#wagtailimages-max-upload-size https://github.com/wagtail/wagtail/commit/3c0c64642b9e5b8d28b111263c7f4bddad6c3880 https://github.com/wagtail/wagtail/commit/c9d2fcd650a88d76ae122646142245e5927a9165 https://github.com/wagtail/wagtail/commit/cfa11bbe00dbe7ce8cd4c0bbfe2a898a690df2bf https://github.com/wagtail/wagtail/commit/d4022310cbe497993459c3136311467c7ac6329a https://github.com/wagtail/wagtail/releases/tag/v4.1.4 https://github.com/wagtail/wagtail/releases/tag/v4.2.2 https://git • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0

CVE-2023-28836 – Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views

https://notcve.org/view.php?id=CVE-2023-28836

Wagtail is an open source content management system built on Django. Starting in version 1.5 and prior to versions 4.1.4 and 4.2.2, a stored cross-site scripting (XSS) vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft pages and documents that, when viewed by a user with higher privileges, could perform actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin, and only affects sites with ModelAdmin enabled. For page, the vulnerability is in the "Choose a parent page" ModelAdmin view (`ChooseParentView`), available when managing pages via ModelAdmin. • https://docs.wagtail.org/en/stable/reference/contrib/modeladmin/chooseparentview.html#customising-chooseparentview https://docs.wagtail.org/en/stable/reference/contrib/modeladmin/inspectview.html#enabling-customising-inspectview https://github.com/wagtail/wagtail/commit/5be2b1ed55fd7259dfdf2c82e7701dba407b8b62 https://github.com/wagtail/wagtail/commit/bc84bf9815610cfbf8db3b6050c7ddcbaa4b9713 https://github.com/wagtail/wagtail/commit/eefc3381d37b476791610e5d30594fae443f33af https://github.com/wagtail/wagtail/commit/ff806ab173a504395fdfb3139eb0a29444ab4b91 https://github • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-21683 – Comment reply notifications sent to incorrect users in wagtail

https://notcve.org/view.php?id=CVE-2022-21683

Wagtail is a Django based content management system focused on flexibility and user experience. When notifications for new replies in comment threads are sent, they are sent to all users who have replied or commented anywhere on the site, rather than only in the relevant threads. This means that a user could listen in to new comment replies on pages they have not have editing access to, as long as they have left a comment or reply somewhere on the site. A patched version has been released as Wagtail 2.15.2, which restores the intended behaviour - to send notifications for new replies to the participants in the active thread only (editing permissions are not considered). New comments can be disabled by setting `WAGTAILADMIN_COMMENTS_ENABLED = False` in the Django settings file. • https://github.com/wagtail/wagtail/commit/5fe901e5d86ed02dbbb63039a897582951266afd https://github.com/wagtail/wagtail/releases/tag/v2.15.2 https://github.com/wagtail/wagtail/security/advisories/GHSA-xqxm-2rpm-3889 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •