
MAGENTO 2.2.1, 2.1.10 AND 2.0.17 PATCHES | SECURITY UPDATE

Magento Commerce and Open Source 2.2.1, 2.1.10 and 2.0.17 contain multiple security enhancements. Every issue listed below requires an authenticated administrator account (in most cases one with limited privileges), and several are also fixed for Magento 1.x (Open Source 1.9.3.7, Commerce 1.14.3.7, or patch SUPEE-10415). The fixes cover:

  • Cross-Site Scripting (XSS)
  • Local File Inclusion (LFI)
  • Authenticated Admin user remote code execution (RCE)
  • Arbitrary File Delete vulnerabilities
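The first thing a practitioner wants from an advisory like this is a quick answer to "is my store on a fixed release?". The following is an added example, not part of the advisory or Magento's own tooling: it takes the fixed releases from the entries on this page and compares a reported version against them with PHP's version_compare(). The edition keys ('open-source', 'commerce'), the function names and the sample inventory are assumptions for illustration; the applied.patches.list excerpt is constructed, and only the presence of the patch ID on a line is relied upon, not the exact line format.

```php
<?php
// Added example, not from the advisory: is a reported Magento version on a
// release that carries these fixes? Fixed releases are those the advisory lists.
// Edition keys, function names and the sample inventory are illustrative.

declare(strict_types=1);

const FIXED_IN = [
    // edition => [major.minor branch => first fixed release on that branch]
    'open-source' => ['1.9' => '1.9.3.7',  '2.0' => '2.0.17', '2.1' => '2.1.10', '2.2' => '2.2.1'],
    'commerce'    => ['1.14' => '1.14.3.7', '2.0' => '2.0.17', '2.1' => '2.1.10', '2.2' => '2.2.1'],
];

function branchOf(string $version): string
{
    $parts = explode('.', $version);
    if (count($parts) < 2) {
        throw new InvalidArgumentException("Unparseable version: $version");
    }
    return $parts[0] . '.' . $parts[1];
}

/**
 * true  = covered branch, at or above its fixed release
 * false = covered branch, below the fixed release
 * null  = branch not listed in this advisory (e.g. 2.3.x), so nothing to say
 */
function isPatchedByRelease(string $edition, string $version): ?bool
{
    if (!isset(FIXED_IN[$edition])) {
        throw new InvalidArgumentException("Unknown edition: $edition");
    }
    $fixed = FIXED_IN[$edition][branchOf($version)] ?? null;
    if ($fixed === null) {
        return null;
    }
    // version_compare() ranks "2.2.0-rc1" below "2.2.0" and "2.2.1", so a
    // pre-release build of an unfixed version is still flagged.
    return version_compare($version, $fixed, '>=');
}

/**
 * Magento 1 patches such as SUPEE-10415 do not change the version string, so a
 * 1.9.3.6 store can still be fixed. Applied patches are recorded in
 * app/etc/applied.patches.list; the file's text is passed in so this runs
 * offline. Only the presence of the patch ID on a line is checked.
 */
function hasAppliedPatch(string $listContents, string $patchId): bool
{
    foreach (preg_split('/\R/', $listContents) as $line) {
        if (strpos($line, $patchId) !== false) {
            return true;
        }
    }
    return false;
}

function advisoryState(string $edition, string $version, string $patchList = ''): string
{
    $byRelease = isPatchedByRelease($edition, $version);
    if ($byRelease === null) {
        return 'not covered by this advisory';
    }
    $isMagento1 = strncmp($version, '1.', 2) === 0;
    if ($byRelease || ($isMagento1 && hasAppliedPatch($patchList, 'SUPEE-10415'))) {
        return 'fixed';
    }
    return 'VULNERABLE, upgrade to ' . FIXED_IN[$edition][branchOf($version)];
}

// Constructed sample inventory (not real hosts). The last 1.x entry has the
// patch applied while its version string is unchanged.
$patchedList = "2017-11-28 10:20:01 UTC | SUPEE-10415 | CE_1.9.3.6 | v1\n"; // constructed excerpt
$inventory = [
    ['open-source', '2.2.0',    ''],
    ['open-source', '2.1.10',   ''],
    ['commerce',    '1.14.3.6', ''],
    ['open-source', '1.9.3.6',  $patchedList],
    ['open-source', '2.3.0',    ''],
];
foreach ($inventory as [$edition, $version, $list]) {
    printf("%-12s %-9s %s\n", $edition, $version, advisoryState($edition, $version, $list));
}
```

The version string alone is not a reliable signal on Magento 1, which is why the check also looks for the SUPEE patch ID; on Magento 2 the fix only ships as a release, so the version comparison is the whole check.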


APPSEC-1325: Stored XSS in Billing Agreements

Type: Cross-Site Scripting (XSS, stored)

CVSSv3 Severity: 5.5 (Medium)

Known Attacks: None

Description: An administrator with limited privileges can create Billing Agreements containing embedded cross-site scripting elements, which can subsequently lead to a stored cross-site scripting attack against other admin users.

Product(s) Affected: Magento Open Source prior to 1.9.3.7, Magento Commerce prior to 1.14.3.7, Magento 2.0 prior to 2.0.17, Magento 2.1 prior to 2.1.10, Magento 2.2 prior to 2.2.1

Fixed In: Magento Open Source 1.9.3.7, Magento Commerce 1.14.3.7, SUPEE-10415, Magento 2.0.17, Magento 2.1.10, Magento 2.2.1
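Stored XSS of this kind comes down to one thing: a value typed by one admin user is written into a page served to another without being escaped for the context it lands in. The block below is an added example, not Magento's Billing Agreement code; the function names are hypothetical and the payload is constructed. It shows the unescaped rendering beside escaping for HTML body and attribute contexts, and why a URL attribute also needs a scheme check.

```php
<?php
// Added example (not Magento code): an admin-supplied field echoed into a page
// as-is, beside context-aware escaping. Names are hypothetical, payload constructed.

declare(strict_types=1);

/** Vulnerable: the stored value is written into HTML unchanged. */
function renderTitleUnsafe(string $title): string
{
    return "<h2>$title</h2>";
}

/** Hardened for HTML body context. */
function renderTitle(string $title): string
{
    return '<h2>' . htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</h2>';
}

/**
 * Hardened for an attribute context. Escaping alone is not enough for href:
 * a javascript: URL is harmless to htmlspecialchars() but still runs on click,
 * so the scheme is allow-listed as well.
 */
function renderLink(string $href, string $label): string
{
    if (!preg_match('#\Ahttps?://#i', $href)) {
        $href = '#';
    }
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $e($href) . '">' . $e($label) . '</a>';
}

// Constructed payload of the kind a low-privileged admin could save in a record.
$payload = '"><img src=x onerror=alert(document.cookie)>';

echo renderTitleUnsafe($payload), PHP_EOL;                 // markup survives intact
echo renderTitle($payload), PHP_EOL;                       // rendered as literal text
echo renderLink('javascript:alert(1)', $payload), PHP_EOL; // scheme rejected, label escaped
```

In Magento 2 templates the same job is done by the Escaper methods exposed on blocks (escapeHtml() for body text, escapeHtmlAttr() for attributes, escapeUrl() for URLs); the point is to pick the method for the output context, not to strip tags on input.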



APPSEC-1825: PHP Object Injection in E-mail templates leading to Remote Code Execution

Type: Remote Code Execution (RCE)

CVSSv3 Severity: 8.2 (High)

Known Attacks: None

Description: An administrator with limited privileges can insert malicious content into e-mail templates, creating an opportunity for arbitrary remote code execution.

Product(s) Affected: Magento 2.0 prior to 2.0.17, Magento 2.1 prior to 2.1.10, Magento 2.2 prior to 2.2.1

Fixed In: Magento 2.0.17, Magento 2.1.10, Magento 2.2.1


APPSEC-1830: PHP Object Injection in product attributes leading to Remote Code Execution

Type: Remote Code Execution (RCE)

CVSSv3 Severity: 8.2 (High)

Known Attacks: None

Description: An administrator with limited privileges can insert an injectable payload into product attributes, potentially leading to arbitrary remote code execution.

Product(s) Affected: Magento Open Source prior to 1.9.3.7, Magento Commerce prior to 1.14.3.7, Magento 2.0 prior to 2.0.17, Magento 2.1 prior to 2.1.10, Magento 2.2 prior to 2.2.1

Fixed In: Magento Open Source 1.9.3.7, Magento Commerce 1.14.3.7, SUPEE-10415, Magento 2.0.17, Magento 2.1.10, Magento 2.2.1


APPSEC-1861: PHP Object Injection in product entries leading to Remote Code Execution

Type: Remote Code Execution (RCE)

CVSSv3 Severity: 8.2 (High)

Known Attacks: None

Description: An administrator with limited privileges can insert an injectable payload into promo fields, creating an opportunity for arbitrary remote code execution.

Product(s) Affected: Magento Open Source prior to 1.9.3.7, Magento Commerce prior to 1.14.3.7, Magento 2.0 prior to 2.0.17, Magento 2.1 prior to 2.1.10, Magento 2.2 prior to 2.2.1

Fixed In: Magento Open Source 1.9.3.7, Magento Commerce 1.14.3.7, SUPEE-10415, Magento 2.0.17, Magento 2.1.10, Magento 2.2.1


APPSEC-1881: PHP Object Injection in Downloadable Products leading to Remote Code Execution

Type: Remote Code Execution (RCE)

CVSSv3 Severity: 7.2 (High)

Known Attacks: None

Description: An administrator with limited privileges can create a downloadable product in a way that creates an opportunity for arbitrary code execution.

Product(s) Affected: Magento 2.0 prior to 2.0.17, Magento 2.1 prior to 2.1.10, Magento 2.2 prior to 2.2.1

Fixed In: Magento 2.0.17, Magento 2.1.10, Magento 2.2.1


APPSEC-1893: PHP Object Injection in product metadata leading to Remote Code Execution

Type: Remote Code Execution (RCE)

CVSSv3 Severity: 8.2 (High)

Known Attacks: None

Description: An administrator with limited privileges can insert an injectable payload through the swatches feature, creating an opportunity for arbitrary remote code execution.

Product(s) Affected: Magento 2.0 prior to 2.0.17, Magento 2.1 prior to 2.1.10

Fixed In: Magento 2.0.17, Magento 2.1.10, Magento 2.2.1


APPSEC-1900: Remote Code Execution by leveraging 1st stage unsanitized form input

Type: Remote Code Execution (RCE)

CVSSv3 Severity: 8.2 (High)

Known Attacks: None

Description: An administrator with limited privileges can create a store website whose unsanitized form input leads to arbitrary remote code execution.

Product(s) Affected: Magento 2.0 prior to 2.0.17, Magento 2.1 prior to 2.1.10, Magento 2.2 prior to 2.2.1

Fixed In: Magento 2.0.17, Magento 2.1.10, Magento 2.2.1


APPSEC-1910: Local File Inclusion (LFI) in Import History

Type: Local File Inclusion + Potential RCE

CVSSv3 Severity: 6.1 (Medium)

Known Attacks: None

Description: An administrator with limited privileges can delete critical system control files through the Import History section and subsequently gain privilege escalation.

Product(s) Affected: Magento 2.0 prior to 2.0.17, Magento 2.1 prior to 2.1.10, Magento 2.2 prior to 2.2.1

Fixed In: Magento 2.0.17, Magento 2.1.10, Magento 2.2.1
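The Import History issue is the familiar shape of a file-management endpoint that builds a path from a caller-supplied name: a "../" sequence walks the delete out of the history directory and into files such as app/etc/config.php. The block below is an added example, not Magento's import-history code; the directory layout (var/import_history under a store root) and the function names are assumptions, and the demo runs entirely inside a throw-away temporary tree that it builds and removes itself. It shows the traversal against the naive handler and the three checks that close it: a bare-name requirement, realpath() canonicalisation (which also defuses symlinks), and a prefix check against the resolved base directory.

```php
<?php
// Added example (not Magento's import-history code): a delete handler that
// trusts a caller-supplied name beside one confined to its directory.
// Layout and names are hypothetical; everything happens in a temp tree.

declare(strict_types=1);

/** Vulnerable: "../" in $name walks out of $dir. */
function deleteHistoryFileUnsafe(string $dir, string $name): bool
{
    return @unlink($dir . '/' . $name);
}

/**
 * Hardened: a history entry is a bare file name, so reject anything else,
 * then resolve the real path and refuse it unless it stays inside $dir.
 * Returns false on refusal or when the file does not exist.
 */
function deleteHistoryFile(string $dir, string $name): bool
{
    $base = realpath($dir);
    if ($base === false) {
        return false;
    }
    if ($name === '' || $name === '.' || $name === '..' || $name !== basename($name)) {
        return false;
    }
    // realpath() follows symlinks, so a link planted inside $dir that points
    // elsewhere resolves to its target and fails the prefix check below.
    $target = realpath($base . DIRECTORY_SEPARATOR . $name);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($target === false || !is_file($target) || strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    return unlink($target);
}

// Constructed store tree in a temporary directory; nothing outside it is touched.
$root = sys_get_temp_dir() . '/lfi-demo-' . bin2hex(random_bytes(4));
mkdir("$root/var/import_history", 0700, true);
mkdir("$root/app/etc", 0700, true);
file_put_contents("$root/var/import_history/2017-11-28.csv", "sku,qty\n");
file_put_contents("$root/app/etc/config.php", "<?php return [];\n");

$history   = "$root/var/import_history";
$traversal = '../../app/etc/config.php';

// Hardened handler: traversal refused, legitimate entry removed.
var_dump(deleteHistoryFile($history, $traversal));
var_dump(file_exists("$root/app/etc/config.php"));
var_dump(deleteHistoryFile($history, '2017-11-28.csv'));

// Naive handler: the same name reaches the system file.
var_dump(deleteHistoryFileUnsafe($history, $traversal));
var_dump(file_exists("$root/app/etc/config.php"));

// Remove the (now empty) temporary tree.
foreach (["$root/var/import_history", "$root/var", "$root/app/etc", "$root/app", $root] as $d) {
    rmdir($d);
}
```

The basename() comparison alone would already stop "../", but the realpath() plus prefix check is what makes the handler safe against a symlink an attacker managed to place in the directory through some other upload path, which is the case a bare-name check misses.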


APPSEC-1930: PHP Object Injection in Widgets leading to Remote Code Execution

Type: Remote Code Execution (RCE)

CVSSv3 Severity: 8.2 (High)

Known Attacks: None

Description: An administrator with limited privileges can insert a widget block containing malicious content, creating an opportunity for arbitrary remote code execution.

Product(s) Affected: Magento 2.0 prior to 2.0.17, Magento 2.1 prior to 2.1.10

Fixed In: Magento 2.0.17, Magento 2.1.10, Magento 2.2.1


APPSEC-1931: PHP Object Injection in Zend Framework leading to Arbitrary File Deletion

Type: Arbitrary File Delete

CVSSv3 Severity: 7.2 (High)

Known Attacks: None

Description: An administrator with limited privileges can inject malicious content that causes sensitive files to be deleted. A second-stage payload could then lead to arbitrary remote code execution.

Product(s) Affected: Magento 2.0 prior to 2.0.17, Magento 2.1 prior to 2.1.10

Fixed In: Magento 2.0.17, Magento 2.1.10, Magento 2.2.1
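Seven of the entries above (APPSEC-1825, 1830, 1861, 1881, 1893, 1930 and 1931) are the same bug class: stored data that an admin controls reaches unserialize(), which instantiates whatever class the string names and runs that class's magic methods. The block below is an added example that is not Magento or Zend Framework code and uses no real gadget from either; the class TempFileCleaner, the function names and the file paths are hypothetical. It builds the serialized string by hand, the way an attacker would, and shows a __destruct() gadget deleting a file (the APPSEC-1931 outcome) through the naive call, while the two hardened loaders never construct the object at all.

```php
<?php
// Added example (not Magento/Zend code, no real gadget): how unserialize() on
// attacker-controlled data turns a class with __destruct() into a
// file-deletion primitive, and two ways to close it. Names are hypothetical.
// Requires PHP 8 (mixed return type).

declare(strict_types=1);

/** An innocent-looking class that removes a temp file when it goes away. */
class TempFileCleaner
{
    public string $path;

    public function __construct(string $path)
    {
        $this->path = $path;
    }

    public function __destruct()
    {
        if (is_file($this->path)) {
            unlink($this->path);
        }
    }
}

/** Vulnerable: any class the payload names is instantiated, magic methods included. */
function loadSettingsUnsafe(string $blob): mixed
{
    return unserialize($blob);
}

/** Hardened (1): scalars and arrays only; objects come back as __PHP_Incomplete_Class. */
function loadSettings(string $blob): mixed
{
    return unserialize($blob, ['allowed_classes' => false]);
}

/** Hardened (2): do not use PHP serialization for stored data at all. */
function loadSettingsJson(string $blob): mixed
{
    return json_decode($blob, true, 512, JSON_THROW_ON_ERROR);
}

// Constructed victim file in the temp dir.
$victim = tempnam(sys_get_temp_dir(), 'cfg');
file_put_contents($victim, 'secret');

// Hand-built payload of the kind stored in an attribute, template or widget
// field: O:<len>:"<class>":<props>:{<name>;<value>}. "TempFileCleaner" is 15 chars.
$payload = sprintf('O:15:"TempFileCleaner":1:{s:4:"path";s:%d:"%s";}', strlen($victim), $victim);

// allowed_classes => false: no real object, no destructor, file untouched.
$obj = loadSettings($payload);
var_dump($obj instanceof __PHP_Incomplete_Class);
var_dump(file_exists($victim));
unset($obj);

// JSON cannot name a class at all; the same data comes back as a plain array.
var_dump(loadSettingsJson(json_encode(['path' => $victim])));
var_dump(file_exists($victim));

// Naive unserialize(): the gadget is built, and its destructor deletes the file.
$obj = loadSettingsUnsafe($payload);
unset($obj);
var_dump(file_exists($victim));
```

Two design points follow from this. First, allowed_classes => false is the minimal fix when the serialized format cannot be changed, but an allow-list of specific classes is only safe if none of them (or their property types) carries a dangerous magic method. Second, the stronger fix is to stop serializing objects for storage: Magento 2.2 introduced the Magento\Framework\Serialize component with a JSON serializer as the default, and code that still calls unserialize() directly on stored data is exactly the pattern these entries describe.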


Comments

  1. Thank you for sharing such useful information. I really enjoyed reading your article, and it is good to know the latest updates. Do post more. And also read about Magento 2 Development Company