OpenMage LTS has DoS vulnerability in MaliciousCode filter
CVE-2023-23617

4.9MEDIUM

Key Information:

Vendor

Openmage

Status
Magento-lts
Vendor
CVE Published:
28 January 2023

What is CVE-2023-23617?

OpenMage LTS, a popular e-commerce platform, is susceptible to an infinite loop vulnerability within its malicious code filtering mechanism. In certain conditions, the vulnerability can be triggered, leading to potential denial-of-service scenarios. This affects all versions prior to 19.4.22 and 20.0.19, however, these versions contain a fix for the issue. Mitigation is crucial as no known workarounds are available.

Affected Version(s)

magento-lts < 19.4.22 < 19.4.22

magento-lts >= 20.0.0, < 20.0.19 < 20.0.0, 20.0.19

References

https://github.com/OpenMage/magento-lts/security/advisori...
x_refsource_CONFIRM
https://github.com/OpenMage/magento-lts/commit/494027785b...
x_refsource_MISC
https://github.com/OpenMage/magento-lts/releases/tag/v19....
x_refsource_MISC

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.