CVE-2021-32759

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-32759

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32759.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-32759

Aliases

GHSA-xm9f-vxmx-4m58

Withdrawn

2024-05-15T05:31:51.532984Z

Published

2021-08-27T22:15:07Z

Modified

2023-11-29T08:54:31.463704Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitation in data flow in versions prior to 19.4.15 and 20.0.13, it was possible for admin users to upload arbitrary executable files to the server. OpenMage versions 19.4.15 and 20.0.13 have a patch for this Issue.

References

Affected packages

Git / github.com/openmage/magento-lts

Affected ranges

Type: GIT
Repo: https://github.com/openmage/magento-lts
Events: Introduced

16c8e84ddaf5d54eef1e025a241bdd5f9a60bd6f

Fixed

c5a24f77af6780913b7ff05f9e50c6486f7891fc

Affected versions

v19.*

v19.4.10

v19.4.11

v19.4.12

v19.4.13

v19.4.14

v19.4.5

v19.4.6

v19.4.7

v19.4.8

v19.4.9

v20.*

v20.0.0

v20.0.1

v20.0.10

v20.0.2

v20.0.3

v20.0.4

v20.0.5

v20.0.6

v20.0.7

v20.0.8