CVE-2021-41144

Опубликовано: 27 янв. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue.

Ссылки

https://github.com/OpenMage/magento-lts/commit/06c45940ba3256cdfc9feea12a3c0ca56d23acf8
Patch
Third Party Advisory
https://github.com/OpenMage/magento-lts/releases/tag/v19.4.22
Release Notes
Third Party Advisory
https://github.com/OpenMage/magento-lts/releases/tag/v20.0.19
Release Notes
Third Party Advisory
https://github.com/OpenMage/magento-lts/security/advisories/GHSA-5j2g-3ph4-rgvm
Third Party Advisory
https://github.com/OpenMage/magento-lts/commit/06c45940ba3256cdfc9feea12a3c0ca56d23acf8
Patch
Third Party Advisory
https://github.com/OpenMage/magento-lts/releases/tag/v19.4.22
Release Notes
Third Party Advisory
https://github.com/OpenMage/magento-lts/releases/tag/v20.0.19
Release Notes
Third Party Advisory
https://github.com/OpenMage/magento-lts/security/advisories/GHSA-5j2g-3ph4-rgvm
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:openmage:magento:*:*:*:*:lts:*:*:*

Версия до 19.4.22 (исключая)

cpe:2.3:a:openmage:magento:*:*:*:*:lts:*:*:*

Версия от 20.0.0 (включая) до 20.0.19 (исключая)

EPSS

Процентиль: 14%

0.00044

Низкий

8.8 High

CVSS3

Дефекты

CWE-77

Связанные уязвимости

GHSA-5j2g-3ph4-rgvm