Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
openmage/magento-lts v19.4.11 | Vulnerabil… | Sonatype Guide
composer
openmage
magento-lts
v19.4.11
magento-lts v19.4.11
openmage
Published
Feb 14, 2021
•
Policy
compliance
composer Registry
Developer Trust Score
N/A
Recommended Version:
x.y.z
Best
Latest version with 0 known vulnerabilities that meets your policy.
Compare Versions
Overview
Overview
Versions
92
Versions
92
Vulnerabilities
20
Vulnerabilities
20
Dependencies
0
Dependencies
0
Reset filters
Severity
Critical
(0)
High
(6)
Medium
(0)
Low
(0)
CVSS Score
0.0
10.0
EPSS Score
0.0
1.0
Malware
KEV Status
Published
Filter
Sort: Published (Newest first)
7.2
CVE-2021-39217
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Custom Layout enabled admin users to execute arbitrary commands via block methods. Versions 19.4.22 and 20.0.19 contain patches for this issue.
affected
Severity
High
Published
Jan 27, 2023
8.8
CVE-2021-41144
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue.
affected
Severity
High
Published
Jan 27, 2023
7.5
CVE-2023-23617
OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and 20.0.19 contain an infinite loop in malicious code filter in certain conditions. Versions 19.4.22 and 20.0.19 have a fix for this issue. There are no known workarounds.
affected
Severity
High
Published
Jan 27, 2023
7.2
CVE-2021-41143
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the server. Versions 19.4.22 and 20.0.19 contain a patch for this issue.
affected
Severity
High
Published
Jan 27, 2023
7.2
CVE-2021-41231
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile. Versions 19.4.22 and 20.0.19 contain a patch for this issue.
affected
Severity
High
Published
Jan 27, 2023
7.2
CVE-2021-21427
Magento-lts is a long-term support alternative to Magento Community Edition (CE). A vulnerability in magento-lts versions before 19.4.13 and 20.0.9 potentially allows an administrator unauthorized access to restricted resources. This is a backport of CVE-2021-21024. The vulnerability is patched in versions 19.4.13 and 20.0.9.
affected
Severity
High
Published
Apr 22, 2021
