Mezzanine@1.4.16 vulnerabilities

An open source content management platform built using the Django framework.

Direct Vulnerabilities

Known vulnerabilities in the Mezzanine package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version
Severity: M
Authentication Bypass Using an Alternate Path or Channel

Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel due to manipulation of the Host header. An attacker can bypass access controls by crafting malicious Host header values.

How to fix Authentication Bypass Using an Alternate Path or Channel?

There is no fixed version for Mezzanine.

Vulnerable version range: [0,)

Severity: M
Cross-site Request Forgery (CSRF)

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the admin panel.

How to fix Cross-site Request Forgery (CSRF)?

There is no fixed version for Mezzanine.

Vulnerable version range: [0,)

Severity: M
Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It allows remote attackers to execute arbitrary code via the Description field of the admin/blog/blogpost/add/ component.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for Mezzanine.

Vulnerable version range: [0,)

Severity: M
Information Exposure

Mezzanine is a content management platform.

Affected versions of this package are vulnerable to Information Exposure. The password reset URL is exposed to untrusted intermediary nodes in the network.

How to fix Information Exposure?

Upgrade Mezzanine to version 4.3.0 or higher.

Vulnerable version range: [,4.3.0)