CVE-2021-39217
Published 2023-01-27
Priority: P3 (44), high
CVSS 3.1: 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS: 1.32% (67.3th percentile)
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Custom Layout enabled admin users to execute arbitrary commands via block methods. Versions 19.4.22 and 20.0.19 contain patches for this issue.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openmage | magento | < 19.4.22 | 19.4.22 |
| openmage | magento | >= 20.0.0 < 20.0.19 | 20.0.19 |
| openmage | magento-lts | < 19.4.22 | 19.4.22 |
| openmage | magento-lts | — | — |
| openmage | magento-lts | >= 0 < 19.4.22 | 19.4.22 |
| openmage | magento-lts | >= 20.0.0 < 20.0.19 | 20.0.19 |
OSV
Fix for arbitrary command execution in custom layout update through blocks
osv·2023-01-27
CVE-2021-39217 [HIGH] Fix for arbitrary command execution in custom layout update through blocks
### Impact
Custom Layout enabled admin users to execute arbitrary commands via block methods.
GHSA
Fix for arbitrary command execution in custom layout update through blocks
ghsa·2023-01-27
CVE-2021-39217 [HIGH] CWE-77 Fix for arbitrary command execution in custom layout update through blocks
### Impact
Custom Layout enabled admin users to execute arbitrary commands via block methods.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/OpenMage/magento-lts/commit/289bd4b4f53622138e3e5c2d2cef7502d780086f
https://github.com/OpenMage/magento-lts/releases/tag/v19.4.22
https://github.com/OpenMage/magento-lts/releases/tag/v20.0.19
https://github.com/OpenMage/magento-lts/security/advisories/GHSA-c9q3-r4rv-mjm7
2023-01-27
Published