Description
Impact
Layout XML enabled admin users to execute arbitrary commands via block methods.
Basic information
- Type
- reviewed
- Severity
- high
- Advisory on GitHub
- Open advisory ↗
- Repository advisory
- Open repository advisory ↗
- Source code
- Not specified
- Published (advisory)
- 2021-08-30 17:20:52 UTC
- Updated
- 2023-02-01 05:06:04 UTC
- GitHub reviewed
- 2021-08-30 16:42:41 UTC
- NVD published
- 2021-08-27
EPSS Score
| Score |
Percentile |
|
0.36%
|
57.52% |
CVSS Scores
No CVSS scores in this advisory.
CWEs
| CWE id |
Name |
|
CWE-91
|
XML Injection (aka Blind XPath Injection) |
Affected packages (2)
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem |
Package |
Vulnerable range |
First patched |
Vulnerable functions |
| composer |
openmage/magento-lts |
< 19.4.15 |
19.4.15 |
—
|
| composer |
openmage/magento-lts |
>= 20.0.0, < 20.0.13 |
20.0.13 |
—
|
cvelogic
Threat Intelligence