CVE-2024-39317 – Wagtail regular expression denial-of-service via search query parsing
https://notcve.org/view.php?id=CVE-2024-39317
Wagtail is an open source content management system built on Django. A bug in Wagtail's `parse_query_string` causes it to take a long time to process suitably crafted inputs: when used to parse sufficiently long strings of characters without a space, `parse_query_string` takes an unexpectedly large amount of time, resulting in a denial of service. In an initial Wagtail installation, the vulnerability can be exploited by any Wagtail admin user. It cannot be exploited by end users.

References:
• https://github.com/wagtail/wagtail/commit/31b1e8532dfb1b70d8d37d22aff9cbde9109cdf2
• https://github.com/wagtail/wagtail/commit/3c941136f79c48446e3858df46e5b668d7f83797
• https://github.com/wagtail/wagtail/commit/b783c096b6d4fd2cfc05f9137a0be288850e99a2
• https://github.com/wagtail/wagtail/security/advisories/GHSA-jmp3-39vp-fwg8

Weakness:
• CWE-1333: Inefficient Regular Expression Complexity
CVE-2023-45809 – Disclosure of user names via admin bulk action views in wagtail
https://notcve.org/view.php?id=CVE-2023-45809
Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any changes, the error message discloses the display names of user accounts, and by modifying URL parameters the user can retrieve the display name of any user. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 4.1.8 (LTS), 5.0.5 and 5.1.3.

References:
• https://github.com/wagtail/wagtail/commit/bc96aed6ac53f998b2f4c4bf97e2d4f5fe337e5b
• https://github.com/wagtail/wagtail/security/advisories/GHSA-fc75-58r8-rm3h

Weaknesses:
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-425: Direct Request ('Forced Browsing')
• CWE-532: Insertion of Sensitive Information into Log File