CVE-2021-32759: Improper Input Validation
OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitization in the data flow in versions prior to 19.4.15 and 20.0.13, admin users could upload arbitrary executable files to the server. OpenMage versions 19.4.15 and 20.0.13 contain a patch for this issue.
References
- github.com/OpenMage/magento-lts/commit/34709ac642d554aa1824892059186dd329db744b
- github.com/OpenMage/magento-lts/releases/tag/v19.4.15
- github.com/OpenMage/magento-lts/releases/tag/v20.0.13
- github.com/OpenMage/magento-lts/security/advisories/GHSA-xm9f-vxmx-4m58
- github.com/advisories/GHSA-xm9f-vxmx-4m58
- nvd.nist.gov/vuln/detail/CVE-2021-32759