Headline
GHSA-5j2g-3ph4-rgvm: Fix for authenticated remote code execution through layout update
Impact
A layout block was able to bypass the block blacklist to execute remote code.
High severity • GitHub Reviewed • Published Jan 27, 2023 in OpenMage/magento-lts • Updated Jan 27, 2023
Related news
CVE-2021-41143: Release v19.4.22 · OpenMage/magento-lts
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the server. Versions 19.4.22 and 20.0.19 contain a patch for this issue.
CVE-2021-41144: Fix for authenticated remote code execution through layout update
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue.