CVE Vulnerability

CVE-2023-23617

OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and 20.0.19 contain an infinite loop in malicious code filter in certain conditions. Versions 19.4.22 and 20.0.19 have a fix for this issue. There are no known workarounds.

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/OpenMage/magento-lts/releases/tag/v19.4.22 Release Notes Third Party Advisory
https://github.com/OpenMage/magento-lts/releases/tag/v20.0.19 Release Notes Third Party Advisory
https://github.com/OpenMage/magento-lts/commit/494027785bdb7db53e60c11ef03c144b61cd3172 Patch Third Party Advisory
https://github.com/OpenMage/magento-lts/security/advisories/GHSA-3p73-mm7v-4f6m Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:openmage:magento:*:*:*:*:lts:*:*:*
cpe:2.3:a:openmage:magento:*:*:*:*:lts:*:*:*
Information

Published : 2023-01-28 12:15

Updated : 2023-02-07 07:02

NVD link : CVE-2023-23617

Mitre link : CVE-2023-23617

Products Affected
No products.
CWE
CWE-835