VYPR
Critical severityNVD Advisory· Published Apr 21, 2021· Updated Aug 3, 2024

Fixes a bug in Zend Framework's Stream HTTP Wrapper

CVE-2021-21426

Description

Magento-lts is a long-term support alternative to Magento Community Edition (CE). In magento-lts versions 19.4.12 and prior and 20.0.8 and prior, there is a vulnerability caused by the unsecured deserialization of an object. A patch in versions 19.4.13 and 20.0.9 was back ported from Zend Framework 3. The vulnerability was assigned CVE-2021-3007 in Zend Framework.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
openmage/magento-ltsPackagist
< 19.4.1319.4.13
openmage/magento-ltsPackagist
>= 20.0.0, < 20.0.920.0.9

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.