Name of the Vulnerable Software and Affected Versions Zend Framework 1 (affected versions not specified) Magento 1 (affected versions not specified)

Description The issue allows for remote code execution and is considered critical, although few systems are affected. To be vulnerable, the installation must use sendmail as the mail transport agent and have specific, non-default configuration settings.

Recommendations For Zend Framework 1, update the library to prevent remote code execution. For Magento 1, apply the specific, non-default configuration settings as described to mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.