GHSA-jrgf-vfw2-hj26

Source

https://github.com/advisories/GHSA-jrgf-vfw2-hj26

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/10/GHSA-jrgf-vfw2-hj26/GHSA-jrgf-vfw2-hj26.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-jrgf-vfw2-hj26

Aliases

CVE-2020-15244

Published

2020-10-30T17:06:06Z

Modified

2023-11-08T04:02:35.165635Z

Severity

8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

RCE via PHP Object injection via SOAP Requests

Details

Impact

This vulnerability allows an admin user to generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product.

Patches

The latest OpenMage Versions up from 19.4.7 and 20.0.3 have this Issue solved

Credits

Credit to Luke Rodgers for reporting

Database specific

{
    "nvd_published_at": "2020-10-21T20:15:00Z",
    "github_reviewed_at": "2020-10-30T16:25:06Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-502",
        "CWE-74"
    ]
}

References

Affected packages

Packagist / openmage/magento-lts

Package

Name: openmage/magento-lts
Purl: pkg:composer/openmage/magento-lts

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

19.4.8

Affected versions

1.*

1.9.1.1

1.9.2.0

1.9.2.1

1.9.2.2

1.9.2.3

1.9.2.4

1.9.3.0

1.9.3.1

v19.*

v19.4.0

v19.4.1

v19.4.2

v19.4.3

v19.4.4

v19.4.5

v19.4.6

v19.4.7

Packagist / openmage/magento-lts

Package

Name: openmage/magento-lts
Purl: pkg:composer/openmage/magento-lts

Affected ranges

Type: ECOSYSTEM
Events: Introduced

20.0.0

Fixed

20.0.4

Affected versions

v20.*

v20.0.0

v20.0.1

v20.0.2

v20.0.3