Home > Vulnerability Database > CVE-2021-21395

Mend.io Vulnerability Database

CVE-2021-21395

Good to know:

Date: January 27, 2023

Magneto LTS (Long Term Support) is a community developed alternative to the Magento CE official releases. Versions prior to 19.4.22 and 20.0.19 are vulnerable to Cross-Site Request Forgery. The password reset form is vulnerable to CSRF between the time the reset password link is clicked and user submits new password. This issue is patched in versions 19.4.22 and 20.0.19. There are no workarounds.

Language: PHP

Severity Score

4.2

Related Resources (8)

Url: https://github.com/OpenMage/magento-lts/releases/tag/v20.0.19

Url: https://packagist.org/packages/openmage/magento-lts

Url: https://github.com/OpenMage/magento-lts/releases/tag/v19.4.22

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-21395

Url: https://hackerone.com/reports/1086752

Url: https://github.com/OpenMage/magento-lts/security/advisories/GHSA-r3c9-9j5q-pwv4

Url: https://github.com/OpenMage/magento-lts

Url: https://www.mend.io/vulnerability-database/CVE-2021-21395

Severity Score

4.2

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

Top Fix

Upgrade Version

Upgrade to version v19.4.22,v20.0.19

Learn More

CVSS v3.1

Base Score:	4.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2021-21395

Good to know:

Date: January 27, 2023

Language: PHP

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?