CVE-2021-21426
Fixes a bug in Zend Framework's Stream HTTP Wrapper
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 9.8EPSS 1.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
21 abr 2021Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Magento-lts is a long-term support alternative to Magento Community Edition (CE). In magento-lts versions 19.4.12 and prior and 20.0.8 and prior, there is a vulnerability caused by the unsecured deserialization of an object. A patch in versions 19.4.13 and 20.0.9 was back ported from Zend Framework 3. The vulnerability was assigned CVE-2021-3007 in Zend Framework.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
OpenMage · magento-ltsQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →