CVE-2023-23617
OpenMage LTS has DoS vulnerability in MaliciousCode filter
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and 20.0.19 contain an infinite loop in malicious code filter in certain conditions. Versions 19.4.22 and 20.0.19 have a fix for this issue. There are no known workarounds.
OpenMage LTS es una plataforma de comercio electrónico. Las versiones anteriores a 19.4.22 y 20.0.19 contienen un bucle infinito en el filtro de código malicioso en determinadas condiciones. Las versiones 19.4.22 y 20.0.19 tienen una solución para este problema. No se conocen workarounds.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-01-16 CVE Reserved
- 2023-01-27 CVE Published
- 2025-03-10 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://github.com/OpenMage/magento-lts/releases/tag/v19.4.22 | Release Notes | |
| https://github.com/OpenMage/magento-lts/releases/tag/v20.0.19 | Release Notes | |
| https://github.com/OpenMage/magento-lts/security/advisories/GHSA-3p73-mm7v-4f6m | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/OpenMage/magento-lts/commit/494027785bdb7db53e60c11ef03c144b61cd3172 | 2023-02-07 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Openmage Search vendor "Openmage" | Magento Search vendor "Openmage" for product "Magento" | < 19.4.22 Search vendor "Openmage" for product "Magento" and version " < 19.4.22" | lts |
Affected
| ||||||
| Openmage Search vendor "Openmage" | Magento Search vendor "Openmage" for product "Magento" | >= 20.0.0 < 20.0.19 Search vendor "Openmage" for product "Magento" and version " >= 20.0.0 < 20.0.19" | lts |
Affected
| ||||||