GitHub Advisory Database: GHSA-5J2G-3PH4-RGVM
Jan 27, 2023 - 12:56 a.m.

Fix for authenticated remote code execution through layout update

2023-01-27 00:56:39
CWE-77
GitHub Advisory Database
github.com
remote code execution
layout update bypass
block blacklist
authenticated vulnerability fix

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.001
Percentile: 46.2%

Impact

A layout block was able to bypass the block blacklist to execute remote code.

Affected configurations

openmage magento Range <20.0.19 lts
OR
openmage magento Range <19.4.22 lts
