Fix for arbitrary command execution in custom layout update through blocks

High
mark-netalico published GHSA-c9q3-r4rv-mjm7 Jan 26, 2023

Package

No package listed

Affected versions

<= 19.4.21, <= 20.0.18

Patched versions

None

Description

Impact

The custom layout update feature allowed admin users to execute arbitrary commands via block methods.

Patches

The issue is fixed in OpenMage versions from v19.4.13 and v20.0.11 onward.

Severity

High

CVE ID

CVE-2021-39217

Weaknesses

No CWEs