Components Vulnerabilities Pricing MCP

openmage/magento-lts v19.4.5 | Vulnerabili… | Sonatype Guide

magento-lts

v19.4.5

magento-lts v19.4.5

openmage

PublishedJul 7, 2020•Policy

compliance

composer Registry

Developer Trust Score

N/A

Recommended Version:x.y.zBest

Latest version with 0 known vulnerabilities that meets your policy.

Compare Versions

Severity

Critical (2)

High (0)

Medium (0)

Low (0)

CVSS Score

0.010.0

EPSS Score

0.01.0

Malware

KEV Status

Published

9.0CVE-2021-32758

OpenMage Magento LTS is an alternative to the Magento CE official releases. Prior to versions 19.4.15 and 20.0.11, layout XML enabled admin users to execute arbitrary commands via block methods. The latest OpenMage Versions up from v19.4.15 and v20.0.11 have this Issue patched.

SeverityCritical

PublishedAug 30, 2021

9.8CVE-2021-21426

Magento-lts is a long-term support alternative to Magento Community Edition (CE). In magento-lts versions 19.4.12 and prior and 20.0.8 and prior, there is a vulnerability caused by the unsecured deserialization of an object. A patch in versions 19.4.13 and 20.0.9 was back ported from Zend Framework 3. The vulnerability was assigned CVE-2021-3007 in Zend Framework.

SeverityCritical

PublishedApr 22, 2021