Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-39217

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Custom Layout enabled admin users to execute arbitrary commands via block methods. Versions 19.4.22 and 20.0.19 contain patches for this issue.

Published

2023-01-27T18:15:09.087

Last Modified

2024-11-21T06:18:55.717

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

Weaknesses

Type: Primary
CWE-77

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	openmage	magento	< 19.4.22	Yes
Application	openmage	magento	< 20.0.19	Yes

References

https://github.com/OpenMage/magento-lts/commit/289bd4b4f53622138e3e5c2d2cef7502d780086f Patch, Third Party Advisory ([email protected])
https://github.com/OpenMage/magento-lts/releases/tag/v19.4.22 Release Notes, Third Party Advisory ([email protected])
https://github.com/OpenMage/magento-lts/releases/tag/v20.0.19 Release Notes, Third Party Advisory ([email protected])
https://github.com/OpenMage/magento-lts/security/advisories/GHSA-c9q3-r4rv-mjm7 Third Party Advisory ([email protected])
https://github.com/OpenMage/magento-lts/commit/289bd4b4f53622138e3e5c2d2cef7502d780086f Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/OpenMage/magento-lts/releases/tag/v19.4.22 Release Notes, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/OpenMage/magento-lts/releases/tag/v20.0.19 Release Notes, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/OpenMage/magento-lts/security/advisories/GHSA-c9q3-r4rv-mjm7 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)