FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-28 14:09:37 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 17efbe19-4e72-426a-8016-2b4e001c1378
Description: py-wagtail -- stored XSS vulnerability

A stored cross-site scripting (XSS) vulnerability exists on ModelAdmin views within the Wagtail admin interface.

A user with a limited-permission editor account for the Wagtail admin could potentially craft pages and documents that, when viewed by a user with higher privileges, could perform actions with that user's credentials.

The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin, and only affects sites with ModelAdmin enabled.

For pages, the vulnerability is in the "Choose a parent page" ModelAdmin view, available when managing pages via ModelAdmin.

For documents, the vulnerability is in the ModelAdmin Inspect view when displaying document fields.

Discovery: 2023-04-03
Entry: 2023-08-31
Affected packages: py37-wagtail, py38-wagtail, py39-wagtail, py310-wagtail, py311-wagtail
Affected versions: < 4.1.4; >= 4.2.0 and < 4.2.2
References: CVE-2023-28836
https://osv.dev/vulnerability/GHSA-5286-f2rf-35c2
VuXML ID: 2def7c4b-736f-4754-9f03-236fcb586d91
Description: py-wagtail -- DoS vulnerability

A memory exhaustion bug exists in Wagtail's handling of uploaded images and documents.

For both images and documents, files are loaded into memory during upload for additional processing.

A user with access to upload images or documents through the Wagtail admin interface could upload a file so large that it results in a crash or denial of service.

The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin.

It can only be exploited by admin users with permission to upload images or documents.

Image uploads are restricted to 10MB by default; however, this validation only happens on the frontend and, on the backend, only after the vulnerable code has already run.

Discovery: 2023-04-03
Entry: 2023-08-31
Affected packages: py37-wagtail, py38-wagtail, py39-wagtail, py310-wagtail, py311-wagtail
Affected versions: >= 4.2.0 and < 4.2.2
References: CVE-2023-28837
https://osv.dev/vulnerability/GHSA-33pv-vcgh-jfg9