CVE-2021-32758
EPSS 0.36%Layout XML Arbitrary Code Fix
Published: 8/30/2021Modified: 3/13/2026
Also known as:GHSA-26rr-v2j2-25fh
Description
### Impact Layout XML enabled admin users to execute arbitrary commands via block methods.
Affected packages (1)
- Packagist/openmage/magento-ltsfrom 0, < 19.4.15
References (5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-32758
- WEBhttps://github.com/OpenMage/magento-lts/commit/b99307d00b59c4a226a1e3e4083f02cf2fc8fce7
- WEBhttps://github.com/OpenMage/magento-lts/releases/tag/v19.4.15
- WEBhttps://github.com/OpenMage/magento-lts/releases/tag/v20.0.13
- WEBhttps://github.com/OpenMage/magento-lts/security/advisories/GHSA-26rr-v2j2-25fh