Unknown · Wagtail CRX CodeRed Extensions · CVE-2021-46897
**Name of the Vulnerable Software and Affected Versions**
Wagtail CRX CodeRed Extensions versions prior to 0.22.3
**Description**
The issue allows upward path traversal, using request paths of the form `protected/..%2f..%2f`, when serving protected media. This is due to a problem in views.py.
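The following is an added example, not code from this advisory or from the Wagtail CRX project: a containment check for a media-serving view, shown beside the decode-and-join pattern that a `..%2f..%2f` request escapes. The function names, directory layout and file names are constructed for illustration; the actual code in views.py is not shown on this page.

```python
import os
import tempfile
from urllib.parse import unquote


def naive_resolve(root, requested):
    # Vulnerable pattern: percent-decode and join, with no containment check.
    return os.path.normpath(os.path.join(root, unquote(requested)))


def safe_resolve(root, requested):
    # Decode first so "..%2f" is evaluated as "../", then canonicalise
    # (".." segments and symlinks) and require the result to stay under root.
    root = os.path.realpath(root)
    try:
        candidate = os.path.realpath(os.path.join(root, unquote(requested)))
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:  # embedded NUL byte, or a different drive on Windows
        return None
    return candidate if inside and os.path.isfile(candidate) else None


def demo():
    # Constructed layout: <base>/media/protected/report.txt is servable,
    # <base>/secret.txt sits two levels above the protected root.
    base = os.path.realpath(tempfile.mkdtemp())
    root = os.path.join(base, "media", "protected")
    os.makedirs(root)
    for path in (os.path.join(root, "report.txt"), os.path.join(base, "secret.txt")):
        with open(path, "w") as fh:
            fh.write("x")
    requests = ["report.txt", "..%2f..%2fsecret.txt",
                "..%2F..%2Fsecret.txt", "/etc/passwd"]
    return base, root, {r: (naive_resolve(root, r), safe_resolve(root, r))
                        for r in requests}


if __name__ == "__main__":
    base, root, results = demo()
    for req, (naive, safe) in results.items():
        print(f"{req:26} naive -> {naive}")
        print(f"{'':26} safe  -> {safe}")
```

A view using this check would return 404 whenever `safe_resolve` yields `None`, before any file is opened.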
**Recommendations**
For versions prior to 0.22.3, update to version 0.22.3 or later to resolve the issue. As a temporary workaround, consider restricting access to protected media to minimize the risk of exploitation.