OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile. Versions 19.4.22 and 20.0.19 contain a patch for this issue.
References
Link | Resource |
---|---|
https://github.com/OpenMage/magento-lts/commit/d16fc6c5a1e66c6f0d9f82020f11702a7ddd78e4 | Patch Third Party Advisory |
https://github.com/OpenMage/magento-lts/releases/tag/v19.4.22 | Release Notes Third Party Advisory |
https://github.com/OpenMage/magento-lts/releases/tag/v20.0.19 | Release Notes Third Party Advisory |
https://github.com/OpenMage/magento-lts/security/advisories/GHSA-h632-p764-pjqm | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 03:38
Type | Values Removed | Values Added |
---|---|---|
Summary | OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile. Versions 19.4.22 and 20.0.19 contain a patch for this issue. |
06 Feb 2023, 18:56
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/OpenMage/magento-lts/commit/d16fc6c5a1e66c6f0d9f82020f11702a7ddd78e4 - Patch, Third Party Advisory | |
References | (MISC) https://github.com/OpenMage/magento-lts/releases/tag/v20.0.19 - Release Notes, Third Party Advisory | |
References | (MISC) https://github.com/OpenMage/magento-lts/releases/tag/v19.4.22 - Release Notes, Third Party Advisory | |
References | (MISC) https://github.com/OpenMage/magento-lts/security/advisories/GHSA-h632-p764-pjqm - Third Party Advisory | |
CPE | cpe:2.3:a:openmage:magento:*:*:*:*:lts:*:*:* | |
First Time |
Openmage magento
Openmage |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
CWE | CWE-434 |
27 Jan 2023, 19:31
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-27 19:15
Updated : 2023-12-10 14:48
NVD link : CVE-2021-41231
Mitre link : CVE-2021-41231
CVE.ORG link : CVE-2021-41231
JSON object : View
Products Affected
openmage
- magento