wagtail@6.0.1 vulnerabilities

A Django content management system.

latest version

6.1.2
latest non vulnerable version

6.1.2
first published

10 years ago
latest version published

a month ago
licenses detected
- BSD-2-Clause
  [0,)
View wagtail package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the wagtail package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Improper Handling of Insufficient Permissions or Privileges wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges in the `wagtail.contrib.settings` module. An attacker with access to the admin and knowledge of the URL of the edit view for a settings model can modify settings without proper permissions. How to fix Improper Handling of Insufficient Permissions or Privileges? Upgrade `wagtail` to version 6.0.5, 6.1.2 or higher.	[,6.0.5) [6.1rc1,6.1.2)
L Improper Authorization wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Improper Authorization through `wagtail.contrib.settings` or `ModelViewSet` with restricted access configured via the `permission` argument on `FieldPanel`. An attacker with edit permissions on the model but not on specific fields can craft an HTTP POST request that bypasses the permission checks for individual fields, allowing unauthorized modification of their values. Note This issue does not affect ordinary site visitors without Wagtail admin access or users without edit permissions on the model. The editing interfaces for pages and snippets are also unaffected. How to fix Improper Authorization? Upgrade `wagtail` to version 6.0.3 or higher.	[6.0,6.0.3)

Improper Handling of Insufficient Permissions or Privileges

wagtail is an open source content management system built on Django.

Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges in the wagtail.contrib.settings module. An attacker with access to the admin and knowledge of the URL of the edit view for a settings model can modify settings without proper permissions.

How to fix Improper Handling of Insufficient Permissions or Privileges?

Upgrade wagtail to version 6.0.5, 6.1.2 or higher.

[,6.0.5) [6.1rc1,6.1.2)

Improper Authorization

wagtail is an open source content management system built on Django.

Affected versions of this package are vulnerable to Improper Authorization through wagtail.contrib.settings or ModelViewSet with restricted access configured via the permission argument on FieldPanel.

An attacker with edit permissions on the model but not on specific fields can craft an HTTP POST request that bypasses the permission checks for individual fields, allowing unauthorized modification of their values.

Note

This issue does not affect ordinary site visitors without Wagtail admin access or users without edit permissions on the model. The editing interfaces for pages and snippets are also unaffected.

How to fix Improper Authorization?

Upgrade wagtail to version 6.0.3 or higher.

[6.0,6.0.3)

Go back to all versions of this package

wagtail@6.0.1 vulnerabilities

A Django content management system.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities