magento/community-edition Security Advisories for 2.4.7-p2 (20)
-
[MEDIUM] Magento Open Source Improper Authorization vulnerability
PKSA-yx36-4pvc-fy33 CVE-2024-45131 GHSA-xc5p-773w-m3pm
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[HIGH] Magento Open Source Improper Authorization vulnerability
PKSA-g59s-h86c-d272 CVE-2024-45132 GHSA-5f64-ppmg-cvvm
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Information Exposure vulnerability
PKSA-k213-y2gv-f361 CVE-2024-45133 GHSA-j3mh-wx5f-2vhg
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Information Exposure vulnerability
PKSA-fg7g-5j9c-3snf CVE-2024-45134 GHSA-4f89-5cwm-rm5g
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Access Control vulnerability
PKSA-t8cd-w48x-nzyk CVE-2024-45135 GHSA-8pxg-gcp4-57ww
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[LOW] Magento Open Source Improper Access Control vulnerability
PKSA-zp2y-jcbv-86tw CVE-2024-45149 GHSA-w7rg-7wq2-pjrw
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Cross-Site Scripting (XSS) vulnerability
PKSA-w47m-6mjs-p6p5 CVE-2024-45116 GHSA-873m-72g6-853g
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Input Validation vulnerability
PKSA-11qw-117j-ntf6 CVE-2024-45117 GHSA-3fr3-gcqh-3m2g
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[HIGH] Magento Open Source Improper Access Control vulnerability
PKSA-nmsp-4zh6-c2yy CVE-2024-45118 GHSA-cg52-68fv-94qq
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Server-Side Request Forgery (SSRF) vulnerability
PKSA-7ymh-b7jr-kcyn CVE-2024-45119 GHSA-g9fm-wc6h-pvgj
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
PKSA-5bd5-9qvn-r6z1 CVE-2024-45120 GHSA-47jp-46c9-25vf
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Access Control vulnerability
PKSA-5d5h-vdxk-9rb4 CVE-2024-45121 GHSA-2qhq-fw98-h6wg
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Access Control vulnerability
PKSA-trg9-zwtk-rt2y CVE-2024-45122 GHSA-46fm-x82m-5f74
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source reflected Cross-Site Scripting (XSS) vulnerability
PKSA-q3cy-4db7-mxq5 CVE-2024-45123 GHSA-88x2-cq34-5fwc
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Access Control vulnerability
PKSA-g52f-ss82-znpd CVE-2024-45124 GHSA-w3p2-pc3h-69wv
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Incorrect Authorization vulnerability
PKSA-vc9p-z4vk-zhsm CVE-2024-45125 GHSA-xg36-8c2v-jpxh
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source stored Cross-Site Scripting (XSS) vulnerability
PKSA-rc6f-2sj1-779v CVE-2024-45127 GHSA-c89g-gq5r-2xw2
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Authorization vulnerability
PKSA-jqmh-mscm-q45w CVE-2024-45128 GHSA-qpp7-742q-58j3
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Access Control vulnerability
PKSA-8ttm-6rvp-fshh CVE-2024-45129 GHSA-m58h-998x-66f3
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Access Control vulnerability
PKSA-35sf-fj41-ym76 CVE-2024-45130 GHSA-v3v6-jfvw-m576
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub