First published: Fri Aug 27 2021(Updated: )
OpenMage Magento LTS is an alternative to the Magento CE official releases. Prior to versions 19.4.15 and 20.0.11, layout XML enabled admin users to execute arbitrary commands via block methods. The latest OpenMage Versions up from v19.4.15 and v20.0.11 have this Issue patched.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Openmage Openmage | <19.4.15 | |
Openmage Openmage | >=20.0.00<20.0.11 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-32758 is a vulnerability in OpenMage Magento LTS that allows admin users to execute arbitrary commands via block methods.
CVE-2021-32758 has a severity rating of 7.2, which is classified as critical.
If your OpenMage version is prior to 19.4.15 or between 20.0.00 and 20.0.11, then it is affected by CVE-2021-32758.
To fix CVE-2021-32758, you should update your OpenMage version to the latest release, starting from v19.4.15 or v20.0.11, as they have patched this issue.
You can find more information about CVE-2021-32758 on the OpenMage GitHub repository, including the patched versions and security advisories.