CVE-2021-41143

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-41143

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-41143.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-41143

Aliases

GHSA-5vpv-xmcj-9q85

Related

GHSA-5vpv-xmcj-9q85

Published

2023-01-27T19:15:09.377Z

Modified

2026-04-12T02:00:44.994509Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the server. Versions 19.4.22 and 20.0.19 contain a patch for this issue.

References

Affected packages

Git / github.com/openmage/magento-lts

Affected ranges

Type

GIT

Repo

https://github.com/openmage/magento-lts

Events

Introduced

Fixed

d28003ffa21be11591a7182840abc7b44bdf7d14

Introduced

16c8e84ddaf5d54eef1e025a241bdd5f9a60bd6f

Fixed

e527e810970798b7c1ecfe1cf8d20a3e7a9aa238

Fixed

45330ff50439984e806992fa22c3f96c4d660f91

Database specific

{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "19.4.22"
        },
        {
            "introduced": "20.0.0"
        },
        {
            "fixed": "20.0.19"
        }
    ],
    "cpe": "cpe:2.3:a:openmage:magento:*:*:*:*:lts:*:*:*",
    "source": [
        "CPE_FIELD",
        "REFERENCES"
    ]
}

Affected versions

1.*

1.1.1

1.1.2

1.1.3

1.1.4

1.1.5

1.1.6

1.1.7

1.1.8

1.2.0

1.2.0.1

1.2.0.2

1.2.0.3

1.2.1

1.2.1.2

1.3.0

1.3.1

1.3.1.1

1.3.2

1.3.2.1

1.3.2.2

1.3.2.3

1.3.2.4

1.4.0.0

1.4.0.0-alpha1

1.4.0.0-alpha2

1.4.0.0-alpha3

1.4.0.0-beta1

1.4.0.0-rc1

1.4.0.1

1.4.1.0

1.4.1.1

1.4.2.0

1.5.0.0

1.5.0.0-alpha1

1.5.0.0-alpha2

1.5.0.0-beta1

1.5.0.0-beta2

1.5.0.0-rc1

1.5.0.0-rc2

1.5.0.1

1.5.1.0

1.6.0.0

1.6.0.0-alpha1

1.6.0.0-beta1

1.6.0.0-rc1

1.6.0.0-rc2

1.6.1.0

1.7.0.0

1.7.0.1

1.7.0.2

1.8.1.0

1.9.0.0

1.9.0.1

1.9.1.0-lts

1.9.1.1

v19.*

v19.4.0

v19.4.1

v19.4.10

v19.4.11

v19.4.12

v19.4.13

v19.4.14

v19.4.15

v19.4.16

v19.4.18

v19.4.19

v19.4.2

v19.4.20

v19.4.21

v19.4.3

v19.4.4

v19.4.5

v19.4.6

v19.4.7

v19.4.8

v19.4.9

v20.*

v20.0.0

v20.0.1

v20.0.10

v20.0.11

v20.0.12

v20.0.13

v20.0.15

v20.0.16

v20.0.17

v20.0.18

v20.0.2

v20.0.3

v20.0.4

v20.0.5

v20.0.6

v20.0.7

v20.0.8

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-41143.json"