{"id":"CVE-2021-41143","details":"OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the server. Versions 19.4.22 and 20.0.19 contain a patch for this issue.\n\n","aliases":["GHSA-5vpv-xmcj-9q85"],"modified":"2026-05-18T20:50:27.068556Z","published":"2023-01-27T19:15:09.377Z","references":[{"type":"ADVISORY","url":"https://github.com/OpenMage/magento-lts/releases/tag/v19.4.22"},{"type":"ADVISORY","url":"https://github.com/OpenMage/magento-lts/releases/tag/v20.0.19"},{"type":"ADVISORY","url":"https://github.com/OpenMage/magento-lts/security/advisories/GHSA-5vpv-xmcj-9q85"},{"type":"FIX","url":"https://github.com/OpenMage/magento-lts/commit/45330ff50439984e806992fa22c3f96c4d660f91"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openmage/magento-lts","events":[{"introduced":"0"},{"fixed":"d28003ffa21be11591a7182840abc7b44bdf7d14"},{"introduced":"16c8e84ddaf5d54eef1e025a241bdd5f9a60bd6f"},{"fixed":"e527e810970798b7c1ecfe1cf8d20a3e7a9aa238"},{"fixed":"45330ff50439984e806992fa22c3f96c4d660f91"}],"database_specific":{"source":["CPE_FIELD","REFERENCES"],"extracted_events":[{"introduced":"0"},{"fixed":"19.4.22"},{"introduced":"20.0.0"},{"fixed":"20.0.19"}],"cpe":"cpe:2.3:a:openmage:magento:*:*:*:*:lts:*:*:*"}}],"versions":["v20.0.18","v19.4.21","v19.4.20","v20.0.17","v19.4.19","v20.0.16","v19.4.18","v20.0.15","v19.4.16","v20.0.13","v19.4.15","v20.0.12","v20.0.11","v19.4.14","v20.0.10","v19.4.13","v20.0.8","v19.4.12","v20.0.7","v19.4.11","v20.0.6","v19.4.10","v20.0.5","v19.4.9","v20.0.4","v19.4.8","v20.0.3","v19.4.7","v20.0.2","v19.4.6","v20.0.1","v19.4.5","v20.0.0","v19.4.4","v19.4.3","v19.4.2","v19.4.1","v19.4.0","1.9.0.1","1.9.1.1","1.9.1.0-lts","1.9.0.0","1.8.1.0","1.7.0.2","1.7.0.1","1.7.0.0","1.6.1.0","1.6.0.0","1.6.0.0-rc2","1.6.0.0-rc1","1.6.0.0-beta1","1.6.0.0-alpha1","1.5.1.0","1.5.0.1","1.5.0.0","1.5.0.0-rc2","1.5.0.0-rc1","1.5.0.0-beta2","1.5.0.0-beta1","1.5.0.0-alpha2","1.5.0.0-alpha1","1.4.2.0","1.4.1.1","1.4.1.0","1.4.0.1","1.3.2.4","1.4.0.0","1.4.0.0-rc1","1.4.0.0-beta1","1.4.0.0-alpha3","1.4.0.0-alpha2","1.4.0.0-alpha1","1.3.2.3","1.3.2.2","1.3.2.1","1.3.2","1.3.1.1","1.3.1","1.3.0","1.2.1.2","1.2.1","1.2.0.3","1.2.0.2","1.2.0.1","1.2.0","1.1.8","1.1.7","1.1.6","1.1.5","1.1.4","1.1.3","1.1.2","1.1.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-41143.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}