Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
openmage/magento-lts v20.0.12 | Vulnerabil… | Sonatype Guide
composer
openmage
magento-lts
v20.0.12
magento-lts v20.0.12
openmage
Published
Jun 25, 2021
•
Policy
compliance
composer Registry
Developer Trust Score
N/A
Recommended Version:
x.y.z
Best
Latest version with 0 known vulnerabilities that meets your policy.
Compare Versions
Overview
Overview
Versions
92
Versions
92
Vulnerabilities
18
Vulnerabilities
18
Dependencies
0
Dependencies
0
Reset filters
Severity
Critical
(0)
High
(6)
Medium
(0)
Low
(0)
CVSS Score
0.0
10.0
EPSS Score
0.0
1.0
Malware
KEV Status
Published
Filter
Sort: Published (Newest first)
7.5
CVE-2023-41879
Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protect_code". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute force attack. This issue has been patched in versions 19.5.1 and 20.1.1.
affected
Severity
High
Published
Sep 12, 2023
7.2
CVE-2021-39217
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Custom Layout enabled admin users to execute arbitrary commands via block methods. Versions 19.4.22 and 20.0.19 contain patches for this issue.
affected
Severity
High
Published
Jan 27, 2023
8.8
CVE-2021-41144
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue.
affected
Severity
High
Published
Jan 27, 2023
7.5
CVE-2023-23617
OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and 20.0.19 contain an infinite loop in malicious code filter in certain conditions. Versions 19.4.22 and 20.0.19 have a fix for this issue. There are no known workarounds.
affected
Severity
High
Published
Jan 27, 2023
7.2
CVE-2021-41143
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the server. Versions 19.4.22 and 20.0.19 contain a patch for this issue.
affected
Severity
High
Published
Jan 27, 2023
7.2
CVE-2021-41231
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile. Versions 19.4.22 and 20.0.19 contain a patch for this issue.
affected
Severity
High
Published
Jan 27, 2023
