GHSA-3p73-mm7v-4f6m

Source

https://github.com/advisories/GHSA-3p73-mm7v-4f6m

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-3p73-mm7v-4f6m/GHSA-3p73-mm7v-4f6m.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-3p73-mm7v-4f6m

Aliases

CVE-2023-23617

Published

2023-01-27T00:55:11Z

Modified

2023-11-08T04:11:41.302080Z

Severity

4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

DoS vulnerability in MaliciousCode filter

Details

Impact

Infinite loop in malicious code filter in certain conditions.

Workarounds

None

Database specific

{
    "nvd_published_at": "2023-01-28T00:15:00Z",
    "github_reviewed_at": "2023-01-27T00:55:11Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-835"
    ]
}

References

Affected packages

Packagist / openmage/magento-lts

Package

Name: openmage/magento-lts
Purl: pkg:composer/openmage/magento-lts

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

19.4.22

Affected versions

1.*

1.9.1.1

1.9.2.0

1.9.2.1

1.9.2.2

1.9.2.3

1.9.2.4

1.9.3.0

1.9.3.1

v19.*

v19.4.0

v19.4.1

v19.4.2

v19.4.3

v19.4.4

v19.4.5

v19.4.6

v19.4.7

v19.4.8

v19.4.9

v19.4.10

v19.4.11

v19.4.12

v19.4.13

v19.4.14

v19.4.15

v19.4.16

v19.4.17

v19.4.18

v19.4.19

v19.4.20

v19.4.21

Packagist / openmage/magento-lts

Package

Name: openmage/magento-lts
Purl: pkg:composer/openmage/magento-lts

Affected ranges

Type: ECOSYSTEM
Events: Introduced

20.0.0

Fixed

20.0.19

Affected versions

v20.*

v20.0.0

v20.0.1

v20.0.2

v20.0.3

v20.0.4

v20.0.5

v20.0.6

v20.0.7

v20.0.8

v20.0.10

v20.0.11

v20.0.12

v20.0.13

v20.0.14

v20.0.15

v20.0.16

v20.0.17

v20.0.18