What is CVE-2023-23617?

CVE-2023-23617 is a medium-severity vulnerability in Openmage Magento-lts, classified under Loop with Unreachable Exit Condition (Infinite Loop). CVSS score: 4.9/10. Published 2023-01-27.

How severe is CVE-2023-23617?

Medium severity. CVSS v3 base score is 4.9 out of 10.

Vulnerability in Openmage Magento-lts

CVE-2023-23617

OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and 20.0.19 contain an infinite loop in malicious code filter in certain conditions. Versions 19.4.22 and 20.0.19 have a fix for this issue. There are no known workarounds.

EPSS: 0.003 (51.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.9 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H.

Affected products

Openmage Magento-lts — versions < 19.4.22, >= 20.0.0, < 20.0.19

Weakness classification (CWE)

CWE-835 — Loop with Unreachable Exit Condition (Infinite Loop)

References

https://github.com/OpenMage/magento-lts/security/advisories/GHSA-3p73-mm7v-4f6m (x_refsource_CONFIRM)
https://github.com/OpenMage/magento-lts/commit/494027785bdb7db53e60c11ef03c144b61cd3172 (x_refsource_MISC)
https://github.com/OpenMage/magento-lts/releases/tag/v19.4.22 (x_refsource_MISC)
https://github.com/OpenMage/magento-lts/releases/tag/v20.0.19 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-23617?: CVE-2023-23617 is a medium-severity vulnerability in Openmage Magento-lts, classified under Loop with Unreachable Exit Condition (Infinite Loop). CVSS score: 4.9/10. Published 2023-01-27.
How severe is CVE-2023-23617?: Medium severity. CVSS v3 base score is 4.9 out of 10.