Vulnerability Description
OpenMage Magento LTS is an alternative to the Magento CE official releases. Prior to versions 19.4.15 and 20.0.11, layout XML enabled admin users to execute arbitrary commands via block methods. The latest OpenMage Versions up from v19.4.15 and v20.0.11 have this Issue patched.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openmage | Openmage | < 19.4.15 |
Related Weaknesses (CWE)
References
- https://github.com/OpenMage/magento-lts/releases/tag/v19.4.15Release NotesThird Party Advisory
- https://github.com/OpenMage/magento-lts/releases/tag/v20.0.11Release NotesThird Party Advisory
- https://github.com/OpenMage/magento-lts/security/advisories/GHSA-26rr-v2j2-25fhThird Party Advisory
- https://github.com/OpenMage/magento-lts/releases/tag/v19.4.15Release NotesThird Party Advisory
- https://github.com/OpenMage/magento-lts/releases/tag/v20.0.11Release NotesThird Party Advisory
- https://github.com/OpenMage/magento-lts/security/advisories/GHSA-26rr-v2j2-25fhThird Party Advisory
FAQ
What is CVE-2021-32758?
CVE-2021-32758 is a vulnerability with a CVSS score of 7.2 (HIGH). OpenMage Magento LTS is an alternative to the Magento CE official releases. Prior to versions 19.4.15 and 20.0.11, layout XML enabled admin users to execute arbitrary commands via block methods. The l...
How severe is CVE-2021-32758?
CVE-2021-32758 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-32758?
Check the references section above for vendor advisories and patch information. Affected products include: Openmage Openmage.