CVE-2021-21426
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Magento-lts is a long-term support alternative to Magento Community Edition (CE). In magento-lts versions 19.4.12 and prior and 20.0.8 and prior, there is a vulnerability caused by the unsecured deserialization of an object. A patch in versions 19.4.13 and 20.0.9 was back ported from Zend Framework 3. The vulnerability was assigned CVE-2021-3007 in Zend Framework.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| OpenMage | magento-lts | <= 19.4.12 | affected |
| OpenMage | magento-lts | <= 20.0.8 | affected |
Weaknesses
- CWE-502: CWE-502 Deserialization of Untrusted Data
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.