VYPR
Critical severityNVD Advisory· Published Apr 21, 2021· Updated Aug 3, 2024

Backport for CVE-2021-21024 Blind SQLi from Magento 2

CVE-2021-21427

Description

Magento-lts is a long-term support alternative to Magento Community Edition (CE). A vulnerability in magento-lts versions before 19.4.13 and 20.0.9 potentially allows an administrator unauthorized access to restricted resources. This is a backport of CVE-2021-21024. The vulnerability is patched in versions 19.4.13 and 20.0.9.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
openmage/magento-ltsPackagist
< 19.4.1319.4.13
openmage/magento-ltsPackagist
>= 20.0.0, < 20.0.920.0.9

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.