Critical severityNVD Advisory· Published Apr 21, 2021· Updated Aug 3, 2024
Fixes a bug in Zend Framework's Stream HTTP Wrapper
CVE-2021-21426
Description
Magento-lts is a long-term support alternative to Magento Community Edition (CE). In magento-lts versions 19.4.12 and prior and 20.0.8 and prior, there is a vulnerability caused by the unsecured deserialization of an object. A patch in versions 19.4.13 and 20.0.9 was back ported from Zend Framework 3. The vulnerability was assigned CVE-2021-3007 in Zend Framework.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
openmage/magento-ltsPackagist | < 19.4.13 | 19.4.13 |
openmage/magento-ltsPackagist | >= 20.0.0, < 20.0.9 | 20.0.9 |
Affected products
2Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-m496-x567-f98cghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-21426ghsaADVISORY
- github.com/OpenMage/magento-lts/security/advisories/GHSA-m496-x567-f98cghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.