CVE-2021-32759

Опубликовано: 27 авг. 2021

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitation in data flow in versions prior to 19.4.15 and 20.0.13, it was possible for admin users to upload arbitrary executable files to the server. OpenMage versions 19.4.15 and 20.0.13 have a patch for this Issue.

Ссылки

https://github.com/OpenMage/magento-lts/releases/tag/v19.4.15
Patch
Third Party Advisory
https://github.com/OpenMage/magento-lts/releases/tag/v20.0.13
Patch
Third Party Advisory
https://github.com/OpenMage/magento-lts/security/advisories/GHSA-xm9f-vxmx-4m58
Third Party Advisory
https://github.com/OpenMage/magento-lts/releases/tag/v19.4.15
Patch
Third Party Advisory
https://github.com/OpenMage/magento-lts/releases/tag/v20.0.13
Patch
Third Party Advisory
https://github.com/OpenMage/magento-lts/security/advisories/GHSA-xm9f-vxmx-4m58
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:openmage:magento:*:*:*:*:*:*:*:*

Версия до 19.4.13 (исключая)

cpe:2.3:a:openmage:magento:*:*:*:*:*:*:*:*

Версия от 20.0.0 (включая) до 20.0.11 (исключая)

EPSS

Процентиль: 67%

0.0055

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-xm9f-vxmx-4m58

github

больше 4 лет назад

Data Flow Sanitation Issue Fix