CVE-2021-41144
Published 2023-01-27
Priority: P3 52 | high | 8.8 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.17% (63.4th percentile)
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openmage | magento | < 19.4.22 | 19.4.22 |
| openmage | magento | >= 20.0.0 < 20.0.19 | 20.0.19 |
| openmage | magento-lts | < 19.4.22 | 19.4.22 |
| openmage | magento-lts | — | — |
| openmage | magento-lts | >= 0 < 19.4.22 | 19.4.22 |
| openmage | magento-lts | >= 20.0.0 < 20.0.19 | 20.0.19 |
GHSA
Fix for authenticated remote code execution through layout update
ghsa·2023-01-27
CVE-2021-41144 [HIGH] CWE-77 Fix for authenticated remote code execution through layout update
### Impact
A layout block was able to bypass the block blacklist to execute remote code.
OSV
Fix for authenticated remote code execution through layout update
osv·2023-01-27
CVE-2021-41144 [HIGH] Fix for authenticated remote code execution through layout update
### Impact
A layout block was able to bypass the block blacklist to execute remote code.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/OpenMage/magento-lts/commit/06c45940ba3256cdfc9feea12a3c0ca56d23acf8
https://github.com/OpenMage/magento-lts/releases/tag/v19.4.22
https://github.com/OpenMage/magento-lts/releases/tag/v20.0.19
https://github.com/OpenMage/magento-lts/security/advisories/GHSA-5j2g-3ph4-rgvm
Published: 2023-01-27