CVE-2023-23617— OpenMage LTS has DoS vulnerability in MaliciousCode filter
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-23617
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenMage LTS has DoS vulnerability in MaliciousCode filter
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and 20.0.19 contain an infinite loop in malicious code filter in certain conditions. Versions 19.4.22 and 20.0.19 have a fix for this issue. There are no known workarounds.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
不可达退出条件的循环(无限循环)
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenMage Magento Lts 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenMage Magento Lts(Magento)是OpenMage组织的一个电子商务系统。 OpenMage LTS 19.4.22之前版本、20.0.19之前版本存在安全漏洞,该漏洞源于在恶意代码过滤器中包含无限循环。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| OpenMage | magento-lts | < 19.4.22 | - |
II. Public POCs for CVE-2023-23617
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-23617
请登录查看更多情报信息。
- https://github.com/OpenMage/magento-lts/releases/tag/v20.0.19x_refsource_MISC
- https://github.com/OpenMage/magento-lts/releases/tag/v19.4.22x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2023-23617
Same Patch Batch · OpenMage · 2023-01-27 · 6 CVEs total
| CVE-2021-41144 | 8.8 HIGH | OpenMage LTS authenticated remote code execution through layout update |
| CVE-2021-39217 | 7.2 HIGH | OpenMage LTS arbitrary command execution in custom layout update through blocks |
| CVE-2021-41143 | 7.2 HIGH | OpenMage LTS arbitrary file deletion in customer media allows for remote code execution |
| CVE-2021-41231 | 7.2 HIGH | OpenMage LTS DataFlow upload remote code execution vulnerability |
| CVE-2021-21395 | 4.2 MEDIUM | Magneto-lts vulnerable to Cross-Site Request Forgery |
IV. Related Vulnerabilities
Same product: magento-lts
- CVE-2026-40488
OpenMage LTS has Customer File Upload Extension Blocklist By - CVE-2026-40098
OpenMage LTS imports cross-user wishlist item via shared wis - CVE-2026-25525
OpenMage LTS has Path Traversal Filter Bypass in Dataflow Mo - CVE-2026-25524
OpenMage LTS's Phar Deserialization leads to Remote Code Exe - CVE-2026-25523
Magento's X-Original-Url header can expose admin url
Same vendor: OpenMage
- CVE-2026-40488
OpenMage LTS has Customer File Upload Extension Blocklist By - CVE-2026-40098
OpenMage LTS imports cross-user wishlist item via shared wis - CVE-2026-25525
OpenMage LTS has Path Traversal Filter Bypass in Dataflow Mo - CVE-2026-25524
OpenMage LTS's Phar Deserialization leads to Remote Code Exe - CVE-2026-25523
Magento's X-Original-Url header can expose admin url
Same weakness: CWE-835
- CVE-2026-42310
Pillow: PDF Parsing Trailer Infinite Loop (DoS) - CVE-2026-41511
OpenMcdf has an Infinite loop DoS via crafted CFB directory - CVE-2026-5407
Loop with Unreachable Exit Condition ('Infinite Loop') in Wi - CVE-2026-6536
Loop with Unreachable Exit Condition ('Infinite Loop') in Wi - CVE-2026-6534
Loop with Unreachable Exit Condition ('Infinite Loop') in Wi
V. Comments for CVE-2023-23617
No comments yet