GHSA-xm9f-vxmx-4m58

Source

https://github.com/advisories/GHSA-xm9f-vxmx-4m58

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-xm9f-vxmx-4m58/GHSA-xm9f-vxmx-4m58.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-xm9f-vxmx-4m58

Aliases

CVE-2021-32759

Published

2021-08-30T17:20:41Z

Modified

2024-12-02T05:42:27.338247Z

Summary

Data Flow Sanitation Issue Fix

Details

Impact

Due to missing sanitation in data flow it was possible for admin users to upload arbitrary executable files to the server.

Database specific

{
    "nvd_published_at": "2021-08-27T22:15:00Z",
    "cwe_ids": [
        "CWE-20"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-30T16:42:38Z"
}

References

Affected packages

Packagist / openmage/magento-lts

Package

Name: openmage/magento-lts
Purl: pkg:composer/openmage/magento-lts

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

19.4.15

Affected versions

1.*

1.9.1.1

1.9.2.0

1.9.2.1

1.9.2.2

1.9.2.3

1.9.2.4

1.9.3.0

1.9.3.1

v19.*

v19.4.0

v19.4.1

v19.4.2

v19.4.3

v19.4.4

v19.4.5

v19.4.6

v19.4.7

v19.4.8

v19.4.9

v19.4.10

v19.4.11

v19.4.12

v19.4.13

v19.4.14

Packagist / openmage/magento-lts

Package

Name: openmage/magento-lts
Purl: pkg:composer/openmage/magento-lts

Affected ranges

Type: ECOSYSTEM
Events: Introduced

20.0.0

Fixed

20.0.13

Affected versions

v20.*

v20.0.0

v20.0.1

v20.0.2

v20.0.3

v20.0.4

v20.0.5

v20.0.6

v20.0.7

v20.0.8

v20.0.10

v20.0.11

v20.0.12