CVE-2023-23617 — Infinite Loop in Magento-lts

CWE-835 — Infinite Loop4 documents4 sources

Severity

7.5HIGHNVD

CNA4.9

EPSS

0.3%

top 49.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openmage Magento-lts Openmage Magento

Timeline

Latest updateJan 27

PublishedJan 28

Description

OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and 20.0.19 contain an infinite loop in malicious code filter in certain conditions. Versions 19.4.22 and 20.0.19 have a fix for this issue. There are no known workarounds.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDopenmage/magento20.0.0 — 20.0.19+1

▶CVEListV5openmage/magento-lts< 19.4.22+1

▶Packagistopenmage/magento-lts20.0.0 — 20.0.19+1

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

CVEList

OpenMage LTS has DoS vulnerability in MaliciousCode filter↗2023-01-27

▶

OSV

DoS vulnerability in MaliciousCode filter↗2023-01-27

▶

GHSA

DoS vulnerability in MaliciousCode filter↗2023-01-27

▶