Security Advisories - openmage/magento-lts

openmage/magento-lts Security Advisories for 1.9.2.1 (12)

DataFlow upload remote code execution vulnerability

CVE-2021-41231

Affected version: >=20.0.0,<20.0.19|<19.4.22

Reported by:
GitHub
Fix for authenticated remote code execution through layout update

CVE-2021-41144

Affected version: >=20.0.0,<20.0.19|<19.4.22

Reported by:
GitHub
DoS vulnerability in MaliciousCode filter

CVE-2023-23617

Affected version: >=20.0.0,<20.0.19|<19.4.22

Reported by:
GitHub
Fix for arbitrary file deletion in customer media allows for remote code execution

CVE-2021-41143

Affected version: >=20.0.0,<20.0.19|<19.4.22

Reported by:
GitHub
Fix for arbitrary command execution in custom layout update through blocks

CVE-2021-39217

Affected version: >=20.0.0,<20.0.19|<19.4.22

Reported by:
GitHub
magento-lts Reset Password not protected against well-timed CSRF

CVE-2021-21395

Affected version: >=20.0.0,<20.0.19|<19.4.22

Reported by:
GitHub
Layout XML Arbitrary Code Fix

CVE-2021-32758

Affected version: >=20.0.0,<20.0.13|<19.4.15

Reported by:
GitHub
Data Flow Sanitation Issue Fix

CVE-2021-32759

Affected version: >=20.0.0,<20.0.13|<19.4.15

Reported by:
GitHub
Backport for CVE-2021-21024 Blind SQLi from Magento 2

CVE-2021-21427

Affected version: >=20.0.0,<=20.0.8|<=19.4.12

Reported by:
GitHub
Fixes a bug in Zend Framework's Stream HTTP Wrapper

CVE-2021-21426

Affected version: >=20.0.0,<=20.0.8|<=19.4.12

Reported by:
GitHub
RCE via PHP Object injection via SOAP Requests

CVE-2020-15244

Affected version: >=20.0.0,<20.0.4|<19.4.8

Reported by:
GitHub
Observable Timing Discrepancy in OpenMage LTS

CVE-2020-15151

Affected version: >=20.0.0,<20.0.2|<19.4.6

Reported by:
GitHub