Vulnerabilities > CVE-2021-39217 - Unspecified vulnerability in Openmage Magento
Attack vector
NETWORK Attack complexity
LOW Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Custom Layout enabled admin users to execute arbitrary commands via block methods. Versions 19.4.22 and 20.0.19 contain patches for this issue.
Vulnerable Configurations
References
- https://github.com/OpenMage/magento-lts/commit/289bd4b4f53622138e3e5c2d2cef7502d780086f
- https://github.com/OpenMage/magento-lts/commit/289bd4b4f53622138e3e5c2d2cef7502d780086f
- https://github.com/OpenMage/magento-lts/releases/tag/v19.4.22
- https://github.com/OpenMage/magento-lts/releases/tag/v19.4.22
- https://github.com/OpenMage/magento-lts/releases/tag/v20.0.19
- https://github.com/OpenMage/magento-lts/releases/tag/v20.0.19
- https://github.com/OpenMage/magento-lts/security/advisories/GHSA-c9q3-r4rv-mjm7
- https://github.com/OpenMage/magento-lts/security/advisories/GHSA-c9q3-r4rv-mjm7