CVE-2021-39217 Information

Description

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19 Custom Layout enabled admin users to execute arbitrary commands via block methods. Versions 19.4.22 and 20.0.19 contain patches for this issue.

Reference

https://github.com/OpenMage/magento-lts/commit/289bd4b4f53622138e3e5c2d2cef7502d780086f https://github.com/OpenMage/magento-lts/releases/tag/v19.4.22 https://github.com/OpenMage/magento-lts/releases/tag/v20.0.19 https://github.com/OpenMage/magento-lts/security/advisories/GHSA-c9q3-r4rv-mjm7