Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
composer
openmage
magento-lts
v19.5.0
magento-lts v19.5.0
openmage
Published
Jul 28, 2023
•
Policy
compliance
composer Registry
Developer Trust Score
N/A
Recommended Version:
x.y.z
Best
Latest version with 0 known vulnerabilities that meets your policy.
Compare Versions
Overview
Overview
Versions
92
Versions
92
Vulnerabilities
14
Vulnerabilities
14
Dependencies
0
Dependencies
0
Reset filters
Severity
Critical
(0)
High
(2)
Medium
(0)
Low
(0)
CVSS Score
0.0
10.0
EPSS Score
0.0
1.0
Malware
KEV Status
Published
Filter
Sort: Published (Newest first)
7.5
CVE-2023-41879
Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protect_code". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute force attack. This issue has been patched in versions 19.5.1 and 20.1.1.
affected
Severity
High
Published
Sep 12, 2023
7.5
sonatype-2016-0133
jquery - Uncontrolled Resource Consumption
affected
Severity
High
Published
Mar 28, 2017
