ghsa-m496-x567-f98c
Vulnerability from github
Published
2021-04-22 16:10
Modified
2021-04-30 20:19
Severity ?
Summary
Fixes a bug in Zend Framework's Stream HTTP Wrapper
Details
Impact
CVE-2021-3007: Backport of Zend_Http_Response_Stream, added certain type checking as a way to prevent exploitation. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3007
This vulnerability is caused by the unsecured deserialization of an object. In versions higher than Zend Framework 3.0.0, the attacker abuses the Zend3 feature that loads classes from objects in order to upload and execute malicious code in the server. The code can be uploaded using the “callback” parameter, which in this case inserts a malicious code instead of the “callbackOptions” array.
Patches
Has the problem been patched? What versions should users upgrade to? v20.0.9 v19.4.13
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 19.4.12"
},
"package": {
"ecosystem": "Packagist",
"name": "openmage/magento-lts"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "19.4.13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 20.0.8"
},
"package": {
"ecosystem": "Packagist",
"name": "openmage/magento-lts"
},
"ranges": [
{
"events": [
{
"introduced": "20.0.0"
},
{
"fixed": "20.0.9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-21426"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": true,
"github_reviewed_at": "2021-04-21T20:16:53Z",
"nvd_published_at": "2021-04-21T21:15:00Z",
"severity": "CRITICAL"
},
"details": "### Impact\nCVE-2021-3007: Backport of Zend_Http_Response_Stream, added certain type checking as a way to prevent exploitation. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3007\n\nThis vulnerability is caused by the unsecured deserialization of an object. In versions higher than Zend Framework 3.0.0, the attacker abuses the Zend3 feature that loads classes from objects in order to upload and execute malicious code in the server. The code can be uploaded using the \u201ccallback\u201d parameter, which in this case inserts a malicious code instead of the \u201ccallbackOptions\u201d array.\n\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\nv20.0.9 v19.4.13",
"id": "GHSA-m496-x567-f98c",
"modified": "2021-04-30T20:19:58Z",
"published": "2021-04-22T16:10:49Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-m496-x567-f98c"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21426"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Fixes a bug in Zend Framework\u0027s Stream HTTP Wrapper"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.