wagtail is vulnerable to Improper Access Control
65
Medium Risk
The image preview endpoint is missing a permission check on the target image. A user with access to the Wagtail admin can preview any image regardless of the permissions on it. The underlying image object data is not exposed, but the rendered preview is. The fix enforces a per-image change permission check before rendering the preview.
You are affected if you are using a version that falls within the vulnerable range and grant users access to the Wagtail admin.
wagtail is vulnerable to Improper Access Control in versions 0.0.1 - 7.0.7, 7.1.0 - 7.3.2 and 7.4.0 - 7.4.1.
Upgrade the wagtail library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant