
MAGENTO 2.2.1, 2.1.10 AND 2.0.17 PATCHES | SECURITY UPDATE

Magento Commerce and Open Source 2.2.1, 2.1.10 and 2.0.17 contain multiple security enhancements.

  • Cross-Site Scripting (XSS).
  • Local File Inclusion (LFI).
  • Authenticated Admin user remote code execution (RCE).
  • Arbitrary File Delete vulnerabilities.


APPSEC-1325: Stored XSS in Billing Agreements

Type: Cross-Site Scripting (XSS, stored)

CVSSv3 Severity: 5.5 (Medium)

Known Attacks: None

Description: An administrator with limited privileges can create Billing Agreements with embedded cross-site scripting elements that can subsequently lead to a stored cross-site scripting attack.

Product(s) Affected: Magento Open Source prior to 1.9.3.7, and Magento Commerce prior to 1.14.3.7, Magento 2.0 prior to 2.0.17, Magento 2.1 prior to 2.1.10, Magento 2.2

Fixed In: Magento Open Source 1.9.3.7, Magento Commerce 1.14.3.7, SUPEE-10415, Magento 2.0.17, Magento 2.1.10, Magento 2.2.1



APPSEC-1825: PHP Object Injection in E-mail templates leading to Remote Code Execution

Type: Remote Code Execution (RCE)

CVSSv3 Severity: 8.2 (High)

Known Attacks: None

Description: An administrator with limited privileges can insert malicious code in e-mail templates, creating an opportunity for arbitrary remote code execution.

Product(s) Affected: Magento 2.0 prior to 2.0.17, Magento 2.1 prior to 2.1.10, Magento 2.2

Fixed In: Magento 2.0.17, Magento 2.1.10, Magento 2.2.1


APPSEC-1830: PHP Object Injection in product attributes leading to Remote Code Execution

Type: Remote Code Execution (RCE)

CVSSv3 Severity: 8.2 (High)

Known Attacks: None

Description: An administrator with limited privileges can insert injectable code in product attributes, potentially leading to arbitrary remote code execution.

Product(s) Affected: Magento Open Source prior to 1.9.3.7, and Magento Commerce prior to 1.14.3.7, Magento 2.0 prior to 2.0.17, Magento 2.1 prior to 2.1.10, Magento 2.2

Fixed In: Magento Open Source 1.9.3.7, Magento Commerce 1.14.3.7, SUPEE-10415, Magento 2.0.17, Magento 2.1.10, Magento 2.2.1


APPSEC-1861: PHP Object Injection in product entries leading to Remote Code Execution

Type: Remote Code Execution (RCE)

CVSSv3 Severity: 8.2 (High)

Known Attacks: None

Description: An administrator with limited privileges can insert injectable code in promo fields, creating an opportunity for arbitrary remote code execution.

Product(s) Affected: Magento Open Source prior to 1.9.3.7, and Magento Commerce prior to 1.14.3.7, Magento 2.0 prior to 2.0.17, Magento 2.1 prior to 2.1.10, Magento 2.2

Fixed In: Magento Open Source 1.9.3.7, Magento Commerce 1.14.3.7, SUPEE-10415, Magento 2.0.17, Magento 2.1.10, Magento 2.2.1


APPSEC-1881: PHP Object Injection in Downloadable Products leading to Remote Code Execution

Type: Remote Code Execution (RCE)

CVSSv3 Severity: 7.2 (High)

Known Attacks: None

Description: An administrator with limited privileges can create a downloadable product that can create an opportunity for arbitrary code execution.

Product(s) Affected: Magento 2.0 prior to 2.0.17, Magento 2.1 prior to 2.1.10, Magento 2.2

Fixed In: Magento 2.0.17, Magento 2.1.10, Magento 2.2.1


APPSEC-1893: PHP Object Injection in product metadata leading to Remote Code Execution

Type: Remote Code Execution (RCE)

CVSSv3 Severity: 8.2 (High)

Known Attacks: None

Description: An administrator with limited privileges can insert injectable code in the swatches feature, creating an opportunity for arbitrary remote code execution.

Product(s) Affected: Magento 2.0 prior to 2.0.17, Magento 2.1 prior to 2.1.10

Fixed In: Magento 2.0.17, Magento 2.1.10, Magento 2.2.1


APPSEC-1900: Remote Code Execution by leveraging 1st stage unsanitized form input

Type: Remote Code Execution (RCE)

CVSSv3 Severity: 8.2 (High)

Known Attacks: None

Description: An administrator with limited privileges can create a store website that accepts and executes arbitrary remote code.

Product(s) Affected: Magento 2.0 prior to 2.0.17, Magento 2.1 prior to 2.1.10, Magento 2.2

Fixed In: Magento 2.0.17, Magento 2.1.10, Magento 2.2.1


APPSEC-1910: Local File Inclusion (LFI) in Import History

Type: Local File Inclusion + Potential RCE

CVSSv3 Severity: 6.1 (Medium)

Known Attacks: None

Description: An administrator with limited privileges can delete critical system control files through the Import History section and subsequently gain privilege escalation.

Product(s) Affected: Magento 2.0 prior to 2.0.17, Magento 2.1 prior to 2.1.10, Magento 2.2

Fixed In: Magento 2.0.17, Magento 2.1.10, Magento 2.2.1


APPSEC-1930: PHP Object Injection in Widgets leading to Remote Code Execution

Type: Remote Code Execution (RCE)

CVSSv3 Severity: 8.2 (High)

Known Attacks: None

Description: An administrator with limited privileges can insert a widget block containing malicious code, creating an opportunity for arbitrary remote code execution.

Product(s) Affected: Magento 2.0 prior to 2.0.17, Magento 2.1 prior to 2.1.10

Fixed In: Magento 2.0.17, Magento 2.1.10, Magento 2.2.1


APPSEC-1931: PHP Object Injection in Zend Framework leading to Arbitrary File Deletion

Type: Arbitrary File Delete

CVSSv3 Severity: 7.2 (High)

Known Attacks: None

Description: An administrator with limited privileges can inject malicious code that can cause sensitive files to be deleted. He could then launch a second stage payload that would lead to arbitrary remote code execution.

Product(s) Affected: Magento 2.0 prior to 2.0.17, Magento 2.1 prior to 2.1.10

Fixed In: Magento 2.0.17, Magento 2.1.10, Magento 2.2.1
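As an added patch-status check (example code written for this page, not part of the original bulletin or of Magento itself), the script below encodes the Fixed In versions from the entries above and reports which APPSEC advisories an installed version is still missing. The product labels ("magento2", "magento1-open-source", "magento1-commerce") and the sample installed versions are assumptions made for this example. Two details are worth noting: the bulletin lists 2.2.1 as a fixed version for every entry, so 2.2.0 is treated as affected even where an entry's Affected line omits 2.2; and a release line the bulletin does not mention raises an error rather than being reported as clean, since absence of a fix entry says nothing about safety.

```python
"""Report which advisories from this bulletin an installed Magento version lacks."""
from typing import Dict, List, Optional, Tuple

# First fixed version per release line, copied from the "Fixed In" lines above.
M2_FIXED: Dict[str, str] = {"2.0": "2.0.17", "2.1": "2.1.10", "2.2": "2.2.1"}
M1_FIXED: Dict[str, Dict[str, str]] = {
    "magento1-open-source": {"1.9": "1.9.3.7"},   # product label is an assumption
    "magento1-commerce": {"1.14": "1.14.3.7"},    # product label is an assumption
}

# (advisory id, short title, whether the bulletin lists a Magento 1.x fix for it)
ADVISORIES: List[Tuple[str, str, bool]] = [
    ("APPSEC-1325", "Stored XSS in Billing Agreements", True),
    ("APPSEC-1825", "PHP Object Injection in e-mail templates (RCE)", False),
    ("APPSEC-1830", "PHP Object Injection in product attributes (RCE)", True),
    ("APPSEC-1861", "PHP Object Injection in product entries (RCE)", True),
    ("APPSEC-1881", "PHP Object Injection in Downloadable Products (RCE)", False),
    ("APPSEC-1893", "PHP Object Injection in product metadata (RCE)", False),
    ("APPSEC-1900", "RCE via unsanitized form input", False),
    ("APPSEC-1910", "Local File Inclusion in Import History", False),
    ("APPSEC-1930", "PHP Object Injection in Widgets (RCE)", False),
    ("APPSEC-1931", "PHP Object Injection in Zend Framework (file delete)", False),
]


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '2.1.10' into (2, 1, 10); tuples compare numerically, strings do not."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def release_line(version: Tuple[int, ...]) -> str:
    """The release line is major.minor, e.g. (2, 1, 9) -> '2.1'."""
    if len(version) < 2:
        raise ValueError("version needs at least major.minor")
    return f"{version[0]}.{version[1]}"


def fixed_version(product: str, advisory_id: str, line: str) -> Optional[str]:
    """First patched version for this product and line, or None if the bulletin lists no fix."""
    has_m1_fix = next(m1 for aid, _, m1 in ADVISORIES if aid == advisory_id)
    if product == "magento2":
        return M2_FIXED.get(line)
    if product in M1_FIXED and has_m1_fix:
        return M1_FIXED[product].get(line)
    return None


def unpatched(product: str, installed: str) -> List[str]:
    """Advisory ids whose first fixed version is newer than the installed version.

    A release line the bulletin does not cover raises instead of being reported
    as patched: a missing fix entry is not evidence of safety.
    """
    version = parse_version(installed)
    line = release_line(version)
    if product == "magento2":
        known_line = line in M2_FIXED
    else:
        known_line = line in M1_FIXED.get(product, {})
    if not known_line:
        raise ValueError(f"{product} {line}.x is not covered by this bulletin")
    missing: List[str] = []
    for advisory_id, _, _ in ADVISORIES:
        fix = fixed_version(product, advisory_id, line)
        if fix is not None and version < parse_version(fix):
            missing.append(advisory_id)
    return missing


if __name__ == "__main__":
    # Constructed sample installs; real input would come from your inventory.
    samples = [("magento2", "2.1.9"), ("magento2", "2.2.1"), ("magento1-open-source", "1.9.3.6")]
    for product, ver in samples:
        ids = unpatched(product, ver)
        print(f"{product} {ver}: {len(ids)} unpatched -> {', '.join(ids) or 'none'}")
```

A version comparison cannot see whether SUPEE-10415 was applied to an older Magento 1.x install, so a 1.x site reported as unpatched here still needs that patch's presence checked separately.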

