Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/215246?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/215246?format=api", "purl": "pkg:composer/magento/community-edition@2.0.0-rc2", "type": "composer", "namespace": "magento", "name": "community-edition", "version": "2.0.0-rc2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.4.6-p13", "latest_non_vulnerable_version": "2.4.9-alpha3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111547?format=api", "vulnerability_id": "VCID-1b6m-qfes-mqab", "summary": "Magento Insufficient Session Expiration\nMagento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) do not adequately invalidate user sessions. Successful exploitation could lead to unauthorized access to restricted resources. Access to the admin console is not required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21031", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38019", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38109", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21031" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21031", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21031" }, { "reference_url": "https://github.com/advisories/GHSA-4h3p-63x6-vwg2", "reference_id": "GHSA-4h3p-63x6-vwg2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4h3p-63x6-vwg2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77892?format=api", "purl": "pkg:composer/magento/community-edition@2.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/79754?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1-p1" } ], "aliases": [ "CVE-2021-21031", "GHSA-4h3p-63x6-vwg2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1b6m-qfes-mqab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57823?format=api", "vulnerability_id": "VCID-1jsp-392b-2fgb", "summary": "Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability\nMagento versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability by manipulating the timing between the check of a resource's state and its use, allowing unauthorized write access. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49558", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00505", "scoring_system": "epss", "scoring_elements": "0.66592", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49558" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-13T15:04:13Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49558", "reference_id": "CVE-2025-49558", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49558" }, { "reference_url": "https://github.com/advisories/GHSA-wcmw-8xpp-rwfj", "reference_id": "GHSA-wcmw-8xpp-rwfj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wcmw-8xpp-rwfj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86026?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p14" }, { "url": "http://public2.vulnerablecode.io/api/packages/86025?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/86024?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/86023?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/86022?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2" } ], "aliases": [ "CVE-2025-49558", "GHSA-wcmw-8xpp-rwfj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1jsp-392b-2fgb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41444?format=api", "vulnerability_id": "VCID-1k4q-2ttb-13hd", "summary": "Information Exposure\nMagento is vulnerable to an Information Disclosure vulnerability when uploading a modified png file to a product image. Successful exploitation could lead to the disclosure of document root path by an unauthenticated attacker. Access to the admin console is required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28566", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.73061", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.73099", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28566" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-30.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-30.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28566", "reference_id": "CVE-2021-28566", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28566" }, { "reference_url": "https://github.com/advisories/GHSA-w942-fw92-mqm2", "reference_id": "GHSA-w942-fw92-mqm2", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w942-fw92-mqm2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66776?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/58956?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66998?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3" } ], "aliases": [ "CVE-2021-28566", "GHSA-w942-fw92-mqm2" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1k4q-2ttb-13hd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111549?format=api", "vulnerability_id": "VCID-1vw9-9rmg-ekdz", "summary": "Magento command injection vulnerability\nMagento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9578", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0323", "scoring_system": "epss", "scoring_elements": "0.87306", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0323", "scoring_system": "epss", "scoring_elements": "0.87328", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9578" }, { "reference_url": "https://github.com/magento/magento2/commit/52d92dbd07f09620d23693ba0c4d4bdb4ba09916", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/52d92dbd07f09620d23693ba0c4d4bdb4ba09916" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9578", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9578" }, { "reference_url": "https://github.com/advisories/GHSA-724x-gqhv-9c5x", "reference_id": "GHSA-724x-gqhv-9c5x", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-724x-gqhv-9c5x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150341?format=api", "purl": "pkg:composer/magento/community-edition@2.3.4-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5t4k-dsf1-6yew" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-87ka-etbj-pfen" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-92tv-nghv-mqf2" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a5rz-y1hu-ubc6" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-dqkx-knjf-47hh" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h4nn-2mrj-g3ds" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hr26-efy6-77dy" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jmhs-9u49-ekbj" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-px1s-dzpe-qbfx" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qq42-4zzt-3kh2" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qx68-8xvf-a7hy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tuw6-hdbp-yqb2" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-vyyk-xq4q-b3bz" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.4-p2" } ], "aliases": [ "CVE-2020-9578", "GHSA-724x-gqhv-9c5x" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1vw9-9rmg-ekdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111949?format=api", "vulnerability_id": "VCID-2fd4-t2w2-8uhd", "summary": "Magento stored cross-site scripting vulnerability\nMagento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure .", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9577", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.55278", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.55335", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9577" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9577", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9577" }, { "reference_url": "https://github.com/advisories/GHSA-689w-2f93-2x67", "reference_id": "GHSA-689w-2f93-2x67", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-689w-2f93-2x67" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150341?format=api", "purl": "pkg:composer/magento/community-edition@2.3.4-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5t4k-dsf1-6yew" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-87ka-etbj-pfen" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-92tv-nghv-mqf2" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a5rz-y1hu-ubc6" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-dqkx-knjf-47hh" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h4nn-2mrj-g3ds" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hr26-efy6-77dy" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jmhs-9u49-ekbj" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-px1s-dzpe-qbfx" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qq42-4zzt-3kh2" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qx68-8xvf-a7hy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tuw6-hdbp-yqb2" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-vyyk-xq4q-b3bz" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.4-p2" } ], "aliases": [ "CVE-2020-9577", "GHSA-689w-2f93-2x67" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2fd4-t2w2-8uhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112156?format=api", "vulnerability_id": "VCID-2g87-y8ek-xfdr", "summary": "Magento affected by a server-side denial-of-service using a GraphQL field\nMagento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An unauthenticated attacker could abuse this vulnerability to cause a server-side denial-of-service using a GraphQL field.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36044", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01739", "scoring_system": "epss", "scoring_elements": "0.82853", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01739", "scoring_system": "epss", "scoring_elements": "0.82879", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36044" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36044", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36044" }, { "reference_url": "https://github.com/advisories/GHSA-wr57-3h2f-3q95", "reference_id": "GHSA-wr57-3h2f-3q95", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wr57-3h2f-3q95" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66777?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/274968?format=api", "purl": "pkg:composer/magento/community-edition@2.4.0-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.0-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66778?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/66997?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p1" } ], "aliases": [ "CVE-2021-36044", "GHSA-wr57-3h2f-3q95" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2g87-y8ek-xfdr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111728?format=api", "vulnerability_id": "VCID-2ttz-k7d2-jucf", "summary": "Magento is affected by an os command injection via the Data collection endpoint\nMagento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper Neutralization of Special Elements Used In A Command via the Data collection endpoint. An attacker with admin privileges can upload a specially crafted file to achieve remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36024", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08668", "scoring_system": "epss", "scoring_elements": "0.92607", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08668", "scoring_system": "epss", "scoring_elements": "0.9262", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36024" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36024", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36024" }, { "reference_url": "https://github.com/advisories/GHSA-qmq6-jpvg-j547", "reference_id": "GHSA-qmq6-jpvg-j547", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qmq6-jpvg-j547" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66777?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/274968?format=api", "purl": "pkg:composer/magento/community-edition@2.4.0-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.0-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66778?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/66997?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p1" } ], "aliases": [ "CVE-2021-36024", "GHSA-qmq6-jpvg-j547" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2ttz-k7d2-jucf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56632?format=api", "vulnerability_id": "VCID-2vsw-t8k2-4bfm", "summary": "Adobe Commerce Improper Authorization vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both confidentiality and integrity impact. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24409", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34796", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24409" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-11T19:11:11Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24409", "reference_id": "CVE-2025-24409", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24409" }, { "reference_url": "https://github.com/advisories/GHSA-vw47-79jv-3598", "reference_id": "GHSA-vw47-79jv-3598", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vw47-79jv-3598" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84086?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/84085?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/84084?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/84083?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/84090?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24409", "GHSA-vw47-79jv-3598" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2vsw-t8k2-4bfm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45958?format=api", "vulnerability_id": "VCID-36ve-7wxt-z7fz", "summary": "Magento affected by remote code execution vulnerability in the CMS page scheduled update feature\nMagento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper input validation vulnerability within the CMS page scheduled update feature. An authenticated attacker with administrative privilege could leverage this vulnerability to achieve remote code execution on the system.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36021", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01308", "scoring_system": "epss", "scoring_elements": "0.80129", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01308", "scoring_system": "epss", "scoring_elements": "0.80155", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36021" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-13T15:48:42Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36021", "reference_id": "CVE-2021-36021", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36021" }, { "reference_url": "https://github.com/advisories/GHSA-4g27-q2w9-m8m8", "reference_id": "GHSA-4g27-q2w9-m8m8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4g27-q2w9-m8m8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66777?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/274968?format=api", "purl": "pkg:composer/magento/community-edition@2.4.0-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.0-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66778?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/66997?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p1" } ], "aliases": [ "CVE-2021-36021", "GHSA-4g27-q2w9-m8m8" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-36ve-7wxt-z7fz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57442?format=api", "vulnerability_id": "VCID-3g5s-hryc-5qa9", "summary": "Magneto contains stored XSS vulnerability\nMagento versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47110", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00709", "scoring_system": "epss", "scoring_elements": "0.72632", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47110" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-10T18:09:25Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47110", "reference_id": "CVE-2025-47110", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47110" }, { "reference_url": "https://github.com/advisories/GHSA-j934-vjh5-vf9r", "reference_id": "GHSA-j934-vjh5-vf9r", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j934-vjh5-vf9r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/85378?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p13" }, { "url": "http://public2.vulnerablecode.io/api/packages/85377?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/85376?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/85398?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/70852?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha1" } ], "aliases": [ "CVE-2025-47110", "GHSA-j934-vjh5-vf9r" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3g5s-hryc-5qa9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55685?format=api", "vulnerability_id": "VCID-3zcy-b3th-ukhd", "summary": "Magento Improper Access Control Leads to Privilege escalation\nAdobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39419", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46342", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39419" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:08:00Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39419", "reference_id": "CVE-2024-39419", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39419" }, { "reference_url": "https://github.com/advisories/GHSA-74w7-cr4v-wf2v", "reference_id": "GHSA-74w7-cr4v-wf2v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-74w7-cr4v-wf2v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82410?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p10" }, { "url": "http://public2.vulnerablecode.io/api/packages/82409?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/82408?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/82407?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2" } ], "aliases": [ "CVE-2024-39419", "GHSA-74w7-cr4v-wf2v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3zcy-b3th-ukhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112379?format=api", "vulnerability_id": "VCID-4cbe-djqs-tug1", "summary": "Magento is affected by an improper input validation vulnerability\nMagento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36032", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00646", "scoring_system": "epss", "scoring_elements": "0.71112", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00646", "scoring_system": "epss", "scoring_elements": "0.71155", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36032" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36032", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36032" }, { "reference_url": "https://github.com/advisories/GHSA-5vw8-r55w-f4q4", "reference_id": "GHSA-5vw8-r55w-f4q4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5vw8-r55w-f4q4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66777?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/274968?format=api", "purl": "pkg:composer/magento/community-edition@2.4.0-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.0-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66778?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/66997?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p1" } ], "aliases": [ "CVE-2021-36032", "GHSA-5vw8-r55w-f4q4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4cbe-djqs-tug1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57444?format=api", "vulnerability_id": "VCID-4dae-vty8-b7hk", "summary": "Magento Improper Access Control leads to security feature bypass\nAdobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited write access. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27206", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00706", "scoring_system": "epss", "scoring_elements": "0.72543", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27206" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T18:08:33Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27206", "reference_id": "CVE-2025-27206", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27206" }, { "reference_url": "https://github.com/advisories/GHSA-g2pj-xmxq-3r9q", "reference_id": "GHSA-g2pj-xmxq-3r9q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-g2pj-xmxq-3r9q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/85378?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p13" }, { "url": "http://public2.vulnerablecode.io/api/packages/85377?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/85376?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/70850?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/70852?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha1" } ], "aliases": [ "CVE-2025-27206", "GHSA-g2pj-xmxq-3r9q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4dae-vty8-b7hk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111112?format=api", "vulnerability_id": "VCID-4dpj-5zh4-4fgv", "summary": "Magento command injection vulnerability\nMagento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9576", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.031", "scoring_system": "epss", "scoring_elements": "0.87045", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.031", "scoring_system": "epss", "scoring_elements": "0.87067", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9576" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/52d92dbd07f09620d23693ba0c4d4bdb4ba09916", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/52d92dbd07f09620d23693ba0c4d4bdb4ba09916" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9576", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9576" }, { "reference_url": "https://github.com/advisories/GHSA-4f7x-gjqc-qqpg", "reference_id": "GHSA-4f7x-gjqc-qqpg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4f7x-gjqc-qqpg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/151117?format=api", "purl": "pkg:composer/magento/community-edition@2.2.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.2.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/150341?format=api", "purl": "pkg:composer/magento/community-edition@2.3.4-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5t4k-dsf1-6yew" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-87ka-etbj-pfen" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-92tv-nghv-mqf2" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a5rz-y1hu-ubc6" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-dqkx-knjf-47hh" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h4nn-2mrj-g3ds" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hr26-efy6-77dy" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jmhs-9u49-ekbj" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-px1s-dzpe-qbfx" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qq42-4zzt-3kh2" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qx68-8xvf-a7hy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tuw6-hdbp-yqb2" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-vyyk-xq4q-b3bz" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.4-p2" } ], "aliases": [ "CVE-2020-9576", "GHSA-4f7x-gjqc-qqpg" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4dpj-5zh4-4fgv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111541?format=api", "vulnerability_id": "VCID-4w1v-es9j-subp", "summary": "Magento XML Injection vulnerability in the 'City' field\nMagento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the 'City' field. An unauthenticated attacker can trigger a specially crafted script to achieve remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36020", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.31066", "scoring_system": "epss", "scoring_elements": "0.96838", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.31066", "scoring_system": "epss", "scoring_elements": "0.96843", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36020" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36020", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36020" }, { "reference_url": "https://github.com/advisories/GHSA-xvpx-6hh8-7h72", "reference_id": "GHSA-xvpx-6hh8-7h72", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xvpx-6hh8-7h72" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66777?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/274968?format=api", "purl": "pkg:composer/magento/community-edition@2.4.0-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.0-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66778?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/66997?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p1" } ], "aliases": [ "CVE-2021-36020", "GHSA-xvpx-6hh8-7h72" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4w1v-es9j-subp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55687?format=api", "vulnerability_id": "VCID-5gxr-xksz-5ydb", "summary": "Magento Improper Authorization leads to security feature bypass\nMagento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39411", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54196", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39411" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:11:14Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39411", "reference_id": "CVE-2024-39411", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39411" }, { "reference_url": "https://github.com/advisories/GHSA-qm77-mqf3-fmhq", "reference_id": "GHSA-qm77-mqf3-fmhq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qm77-mqf3-fmhq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82410?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p10" }, { "url": "http://public2.vulnerablecode.io/api/packages/82409?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/82408?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/82407?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2" } ], "aliases": [ "CVE-2024-39411", "GHSA-qm77-mqf3-fmhq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5gxr-xksz-5ydb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111460?format=api", "vulnerability_id": "VCID-5ppd-jm8d-97eh", "summary": "Magento business logic error vulnerability\nMagento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a business logic error vulnerability. Successful exploitation could lead to privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9630", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00844", "scoring_system": "epss", "scoring_elements": "0.75132", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00844", "scoring_system": "epss", "scoring_elements": "0.75161", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9630" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9630", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9630" }, { "reference_url": "https://github.com/advisories/GHSA-5j4w-v87m-8r65", "reference_id": "GHSA-5j4w-v87m-8r65", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5j4w-v87m-8r65" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150341?format=api", "purl": "pkg:composer/magento/community-edition@2.3.4-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5t4k-dsf1-6yew" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-87ka-etbj-pfen" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-92tv-nghv-mqf2" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a5rz-y1hu-ubc6" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-dqkx-knjf-47hh" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h4nn-2mrj-g3ds" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hr26-efy6-77dy" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jmhs-9u49-ekbj" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-px1s-dzpe-qbfx" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qq42-4zzt-3kh2" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qx68-8xvf-a7hy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tuw6-hdbp-yqb2" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-vyyk-xq4q-b3bz" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.4-p2" } ], "aliases": [ "CVE-2020-9630", "GHSA-5j4w-v87m-8r65" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5ppd-jm8d-97eh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111521?format=api", "vulnerability_id": "VCID-69wt-c418-mubr", "summary": "Magento Open Source allows Cross-Site Request Forgery (CSRF)\nAdobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and earlier) and 2.3.7p1 (and earlier) are affected by a cross-site request forgery (CSRF) vulnerability via a Wishlist Share Link. Successful exploitation could lead to unauthorized addition to a customer's cart by an unauthenticated attacker. Access to the admin console is not required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39864", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00997", "scoring_system": "epss", "scoring_elements": "0.77333", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00997", "scoring_system": "epss", "scoring_elements": "0.77304", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39864" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-86.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:10:33Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-86.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39864", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39864" }, { "reference_url": "https://github.com/advisories/GHSA-94wq-87g6-8h77", "reference_id": "GHSA-94wq-87g6-8h77", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-94wq-87g6-8h77" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/153002?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/66997?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/64404?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2h52-3pt6-dfcw" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3et4-3zad-1qfn" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-525q-afzj-tkcp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7ewa-w75h-qfdy" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s7e-adr6-h3dc" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-az2w-5xhy-5fe4" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b4jg-dj1a-9qd5" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cgwk-hn4t-n7c1" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d2ab-j8bf-e7dx" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-dx43-89w9-a7dg" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzam-yuyg-qyd5" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hh8a-mgkk-3yb5" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j124-q39m-mkby" }, { "vulnerability": "VCID-j5vp-2jrx-ukf4" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jhd5-tqph-3ufu" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kxnm-y19k-mqg2" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-m83v-51cy-uqar" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-msac-ptqf-pyg1" }, { "vulnerability": "VCID-mtr5-suag-2bdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p222-28c1-vfhy" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qfw5-3tdu-x7g4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-r7nh-arcj-8fb3" }, { "vulnerability": "VCID-rbjk-3gcs-2qb5" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rf6p-ct86-5bgz" }, { "vulnerability": "VCID-ruru-fwmn-5kes" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-s5e2-d6n8-kkbr" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-upcj-z3c1-ubcf" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w3zd-fezc-nuhd" }, { "vulnerability": "VCID-wjfe-wh5k-1qft" }, { "vulnerability": "VCID-ws6y-k3tx-r3gb" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-x46d-a16g-nkg9" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4r1-yr69-uuf6" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yuvf-e7hk-kqf9" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zt9b-9sjx-7qb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4" } ], "aliases": [ "CVE-2021-39864", "GHSA-94wq-87g6-8h77" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-69wt-c418-mubr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111409?format=api", "vulnerability_id": "VCID-6mjf-p1d9-8qa1", "summary": "Magento stored cross-site scripting vulnerability\nMagento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36027", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01528", "scoring_system": "epss", "scoring_elements": "0.81624", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01528", "scoring_system": "epss", "scoring_elements": "0.81654", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36027" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36027", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36027" }, { "reference_url": "https://github.com/advisories/GHSA-x2v2-2jhp-c5hv", "reference_id": "GHSA-x2v2-2jhp-c5hv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x2v2-2jhp-c5hv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66777?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/274968?format=api", "purl": "pkg:composer/magento/community-edition@2.4.0-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.0-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66778?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/66997?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p1" } ], "aliases": [ "CVE-2021-36027", "GHSA-x2v2-2jhp-c5hv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6mjf-p1d9-8qa1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57531?format=api", "vulnerability_id": "VCID-6p6q-ctya-q3bv", "summary": "Magento Authenticated Security feature bypass\nMagento versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49549", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66971", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49549" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T18:12:28Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49549", "reference_id": "CVE-2025-49549", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49549" }, { "reference_url": "https://github.com/advisories/GHSA-85jx-x9r4-45m2", "reference_id": "GHSA-85jx-x9r4-45m2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-85jx-x9r4-45m2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/85378?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p13" }, { "url": "http://public2.vulnerablecode.io/api/packages/85377?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/85376?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/70850?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/70852?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha1" } ], "aliases": [ "CVE-2025-49549", "GHSA-85jx-x9r4-45m2" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6p6q-ctya-q3bv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56639?format=api", "vulnerability_id": "VCID-6tx4-wexr-fkbb", "summary": "Magento Improper Access Control vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain elevated privileges. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24437", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35712", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24437" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:48:35Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24437", "reference_id": "CVE-2025-24437", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24437" }, { "reference_url": "https://github.com/advisories/GHSA-469f-wf4f-3jjv", "reference_id": "GHSA-469f-wf4f-3jjv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-469f-wf4f-3jjv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84086?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/84085?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/84084?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/84083?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/84090?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24437", "GHSA-469f-wf4f-3jjv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6tx4-wexr-fkbb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112057?format=api", "vulnerability_id": "VCID-6wdt-8fbe-hkbe", "summary": "Magento Improper Authorization vulnerability in the customers module\nMagento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Improper Authorization vulnerability in the customers module. Successful exploitation could allow a low-privileged user to modify customer data. Access to the admin console is required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28567", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27852", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27786", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28567" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-30.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-30.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28567", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28567" }, { "reference_url": "https://github.com/advisories/GHSA-cc3w-r3w8-hfh7", "reference_id": "GHSA-cc3w-r3w8-hfh7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cc3w-r3w8-hfh7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66776?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/58956?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p1" } ], "aliases": [ "CVE-2021-28567", "GHSA-cc3w-r3w8-hfh7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6wdt-8fbe-hkbe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111962?format=api", "vulnerability_id": "VCID-6x2s-f7fh-4yac", "summary": "Magento stored cross-site scripting vulnerability\nMagento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9581", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.55278", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.55335", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9581" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/52d92dbd07f09620d23693ba0c4d4bdb4ba09916", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/52d92dbd07f09620d23693ba0c4d4bdb4ba09916" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9581", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9581" }, { "reference_url": "https://github.com/advisories/GHSA-2w2x-7qgj-4x78", "reference_id": "GHSA-2w2x-7qgj-4x78", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2w2x-7qgj-4x78" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150341?format=api", "purl": "pkg:composer/magento/community-edition@2.3.4-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5t4k-dsf1-6yew" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-87ka-etbj-pfen" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-92tv-nghv-mqf2" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a5rz-y1hu-ubc6" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-dqkx-knjf-47hh" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h4nn-2mrj-g3ds" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hr26-efy6-77dy" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jmhs-9u49-ekbj" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-px1s-dzpe-qbfx" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qq42-4zzt-3kh2" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qx68-8xvf-a7hy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tuw6-hdbp-yqb2" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-vyyk-xq4q-b3bz" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.4-p2" } ], "aliases": [ "CVE-2020-9581", "GHSA-2w2x-7qgj-4x78" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6x2s-f7fh-4yac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55986?format=api", "vulnerability_id": "VCID-7pr7-uqp1-sugt", "summary": "Magento Open Source Improper Access Control vulnerability\nMagento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45130", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24284", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45130" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:01:33Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45130", "reference_id": "CVE-2024-45130", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45130" }, { "reference_url": "https://github.com/advisories/GHSA-v3v6-jfvw-m576", "reference_id": "GHSA-v3v6-jfvw-m576", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v3v6-jfvw-m576" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82921?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/82920?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10" }, { "url": "http://public2.vulnerablecode.io/api/packages/82919?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/82918?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/70850?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45130", "GHSA-v3v6-jfvw-m576" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7pr7-uqp1-sugt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55982?format=api", "vulnerability_id": "VCID-7s3w-8dn6-jqh7", "summary": "Magento Open Source Improper Access Control vulnerability\nMagento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45124", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.2697", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45124" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:54:17Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45124", "reference_id": "CVE-2024-45124", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45124" }, { "reference_url": "https://github.com/advisories/GHSA-w3p2-pc3h-69wv", "reference_id": "GHSA-w3p2-pc3h-69wv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w3p2-pc3h-69wv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82921?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/82920?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10" }, { "url": "http://public2.vulnerablecode.io/api/packages/82919?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/82918?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/70850?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45124", "GHSA-w3p2-pc3h-69wv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7s3w-8dn6-jqh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56638?format=api", "vulnerability_id": "VCID-7s74-rdkp-vyaf", "summary": "Magento Incorrect Authorization vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to perform actions with permissions that were not granted. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24421", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35372", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24421" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:49:01Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24421", "reference_id": "CVE-2025-24421", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24421" }, { "reference_url": "https://github.com/advisories/GHSA-v6r2-425c-hfrr", "reference_id": "GHSA-v6r2-425c-hfrr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-v6r2-425c-hfrr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84086?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/84085?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/84084?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/84083?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/84090?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24421", "GHSA-v6r2-425c-hfrr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7s74-rdkp-vyaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52901?format=api", "vulnerability_id": "VCID-87ka-etbj-pfen", "summary": "Cross-Site Request Forgery (CSRF)\nOpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It is patched in versions 19.4.6 and 20.0.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15151", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25169", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25265", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15151" }, { "reference_url": "https://github.com/OpenMage/magento-lts", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/OpenMage/magento-lts" }, { "reference_url": "https://github.com/OpenMage/magento-lts/commit/7c526bc6a6a51b57a1bab4c60f104dc36cde347a", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/OpenMage/magento-lts/commit/7c526bc6a6a51b57a1bab4c60f104dc36cde347a" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15151", "reference_id": "CVE-2020-15151", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15151" }, { "reference_url": "https://github.com/advisories/GHSA-crf2-xm6x-46p6", "reference_id": "GHSA-crf2-xm6x-46p6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-crf2-xm6x-46p6" }, { "reference_url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-crf2-xm6x-46p6", "reference_id": "GHSA-crf2-xm6x-46p6", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-crf2-xm6x-46p6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77892?format=api", "purl": "pkg:composer/magento/community-edition@2.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/60732?format=api", "purl": "pkg:composer/magento/community-edition@2.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-dqkx-knjf-47hh" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h4nn-2mrj-g3ds" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jmhs-9u49-ekbj" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-px1s-dzpe-qbfx" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qq42-4zzt-3kh2" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qx68-8xvf-a7hy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.0" } ], "aliases": [ "CVE-2020-15151", "GHSA-crf2-xm6x-46p6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-87ka-etbj-pfen" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111051?format=api", "vulnerability_id": "VCID-8ape-agd1-s7hf", "summary": "Magento Improper Access Control\nMagento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an access control bypass vulnerability in the Login as Customer module. Successful exploitation could lead to unauthorized access to restricted resources.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21020", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29099", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29169", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21020" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21020", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21020" }, { "reference_url": "https://github.com/advisories/GHSA-2j6v-829g-885q", "reference_id": "GHSA-2j6v-829g-885q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2j6v-829g-885q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77892?format=api", "purl": "pkg:composer/magento/community-edition@2.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/79754?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1-p1" } ], "aliases": [ "CVE-2021-21020", "GHSA-2j6v-829g-885q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8ape-agd1-s7hf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56636?format=api", "vulnerability_id": "VCID-8hx4-r8bb-n7ge", "summary": "Magento stored Cross-Site Scripting (XSS) vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24428", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0102", "scoring_system": "epss", "scoring_elements": "0.77594", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24428" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:49:10Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24428", "reference_id": "CVE-2025-24428", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24428" }, { "reference_url": "https://github.com/advisories/GHSA-mm87-rrqx-94cr", "reference_id": "GHSA-mm87-rrqx-94cr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mm87-rrqx-94cr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84086?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/84085?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/84084?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/84083?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/84090?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24428", "GHSA-mm87-rrqx-94cr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8hx4-r8bb-n7ge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56625?format=api", "vulnerability_id": "VCID-8ky6-w2nk-9bds", "summary": "Magento Improper Access Control vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24411", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.28955", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24411" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:40Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24411", "reference_id": "CVE-2025-24411", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24411" }, { "reference_url": "https://github.com/advisories/GHSA-36hw-x3cc-m258", "reference_id": "GHSA-36hw-x3cc-m258", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-36hw-x3cc-m258" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84086?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/84085?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/84084?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/84083?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/84090?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24411", "GHSA-36hw-x3cc-m258" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8ky6-w2nk-9bds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57107?format=api", "vulnerability_id": "VCID-8shb-t5zp-rqbu", "summary": "Magento Improper Access Control leads to Security feature bypass\nMagento versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27190", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50333", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27190" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:53:02Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27190", "reference_id": "CVE-2025-27190", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27190" }, { "reference_url": "https://github.com/advisories/GHSA-6wq7-cg9h-mj6q", "reference_id": "GHSA-6wq7-cg9h-mj6q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6wq7-cg9h-mj6q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84773?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p13" }, { "url": "http://public2.vulnerablecode.io/api/packages/84774?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/84775?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p10" }, { "url": "http://public2.vulnerablecode.io/api/packages/84776?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p5" }, { "url": "http://public2.vulnerablecode.io/api/packages/84090?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-27190", "GHSA-6wq7-cg9h-mj6q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8shb-t5zp-rqbu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111210?format=api", "vulnerability_id": "VCID-8u5e-d6nx-3khc", "summary": "Magento Path Traversal vulnerability via the `theme[preview_image]` parameter\nMagento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a Path Traversal vulnerability via the `theme[preview_image]` parameter. An attacker with admin privileges could leverage this vulnerability to achieve remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36031", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1031", "scoring_system": "epss", "scoring_elements": "0.93313", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.1031", "scoring_system": "epss", "scoring_elements": "0.93325", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36031" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36031", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36031" }, { "reference_url": "https://github.com/advisories/GHSA-7w95-qwhh-q9p3", "reference_id": "GHSA-7w95-qwhh-q9p3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7w95-qwhh-q9p3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66777?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/274968?format=api", "purl": "pkg:composer/magento/community-edition@2.4.0-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.0-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66778?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/66997?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p1" } ], "aliases": [ "CVE-2021-36031", "GHSA-7w95-qwhh-q9p3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8u5e-d6nx-3khc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111082?format=api", "vulnerability_id": "VCID-92tv-nghv-mqf2", "summary": "Magento DOM-based Cross-site scripting vulnerability\nMagento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a dom-based cross-site scripting vulnerability. Successful exploitation could lead to arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9691", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02798", "scoring_system": "epss", "scoring_elements": "0.86379", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02798", "scoring_system": "epss", "scoring_elements": "0.86402", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9691" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/9436781734e47c83e96977fa770d255217680d5e", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/9436781734e47c83e96977fa770d255217680d5e" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9691", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9691" }, { "reference_url": "https://github.com/advisories/GHSA-g7pc-799q-743f", "reference_id": "GHSA-g7pc-799q-743f", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-g7pc-799q-743f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77753?format=api", "purl": "pkg:composer/magento/community-edition@2.3.5-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-87ka-etbj-pfen" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-dqkx-knjf-47hh" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h4nn-2mrj-g3ds" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jmhs-9u49-ekbj" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-px1s-dzpe-qbfx" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qq42-4zzt-3kh2" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qx68-8xvf-a7hy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.5-p2" } ], "aliases": [ "CVE-2020-9691", "GHSA-g7pc-799q-743f" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-92tv-nghv-mqf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55677?format=api", "vulnerability_id": "VCID-9vrt-uccb-myev", "summary": "Magento Improper Authorization Leading to Security feature bypass\nMagento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39415", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54196", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39415" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:13:06Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39415", "reference_id": "CVE-2024-39415", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39415" }, { "reference_url": "https://github.com/advisories/GHSA-gj93-84g5-mcjq", "reference_id": "GHSA-gj93-84g5-mcjq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gj93-84g5-mcjq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82410?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p10" }, { "url": "http://public2.vulnerablecode.io/api/packages/82409?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/82408?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/82407?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2" } ], "aliases": [ "CVE-2024-39415", "GHSA-gj93-84g5-mcjq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9vrt-uccb-myev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52847?format=api", "vulnerability_id": "VCID-a5rz-y1hu-ubc6", "summary": "Information Exposure Through Discrepancy\nMagento has an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9690", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.6491", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.64953", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9690" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/9436781734e47c83e96977fa770d255217680d5e", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/9436781734e47c83e96977fa770d255217680d5e" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9690", "reference_id": "CVE-2020-9690", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9690" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77753?format=api", "purl": "pkg:composer/magento/community-edition@2.3.5-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-87ka-etbj-pfen" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-dqkx-knjf-47hh" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h4nn-2mrj-g3ds" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jmhs-9u49-ekbj" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-px1s-dzpe-qbfx" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qq42-4zzt-3kh2" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qx68-8xvf-a7hy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.5-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/60732?format=api", "purl": "pkg:composer/magento/community-edition@2.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-dqkx-knjf-47hh" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h4nn-2mrj-g3ds" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jmhs-9u49-ekbj" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-px1s-dzpe-qbfx" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qq42-4zzt-3kh2" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qx68-8xvf-a7hy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.0" } ], "aliases": [ "CVE-2020-9690", "GHSA-xgp9-j48h-jjf9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a5rz-y1hu-ubc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56631?format=api", "vulnerability_id": "VCID-a9b6-tenb-afdw", "summary": "Magento Stored Cross-Site Scripting (XSS) Vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24416", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.80247", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24416" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:48Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24416", "reference_id": "CVE-2025-24416", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24416" }, { "reference_url": "https://github.com/advisories/GHSA-rjjw-g6hw-7pc9", "reference_id": "GHSA-rjjw-g6hw-7pc9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rjjw-g6hw-7pc9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84086?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/84085?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/84084?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/84083?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/84090?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24416", "GHSA-rjjw-g6hw-7pc9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a9b6-tenb-afdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111197?format=api", "vulnerability_id": "VCID-apue-gaqy-n3cq", "summary": "Magento 2 Community Edition Incorrect Authorization\nMagento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect authorization vulnerability. A user can still access resources provisioned under their old role after an administrator removes the role or disables the user's account.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24401", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.52037", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.52097", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24401" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24401", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24401" }, { "reference_url": "https://github.com/advisories/GHSA-f2g3-3c6q-4478", "reference_id": "GHSA-f2g3-3c6q-4478", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f2g3-3c6q-4478" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78954?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1" } ], "aliases": [ "CVE-2020-24401", "GHSA-f2g3-3c6q-4478" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-apue-gaqy-n3cq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55362?format=api", "vulnerability_id": "VCID-ayfe-5a7g-u7b7", "summary": "Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability\nAdobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34102", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94171", "scoring_system": "epss", "scoring_elements": "0.9992", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34102" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2024-34102.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2024-34102.yaml" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799" }, { "reference_url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2" }, { "reference_url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c" }, { "reference_url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482#diff-84a0773a6287fbbaadf3b9103f4a137fc0b6946de2437ddfd6f60a0722cf8d23", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482#diff-84a0773a6287fbbaadf3b9103f4a137fc0b6946de2437ddfd6f60a0722cf8d23" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-07-18T03:55:19Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html" }, { "reference_url": "https://www.vicarius.io/vsociety/posts/cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-07-18T03:55:19Z/" } ], "url": "https://www.vicarius.io/vsociety/posts/cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34102", "reference_id": "CVE-2024-34102", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34102" }, { "reference_url": "https://github.com/advisories/GHSA-m8cj-3v68-3cxj", "reference_id": "GHSA-m8cj-3v68-3cxj", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m8cj-3v68-3cxj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81855?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/81854?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/81853?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/67320?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b4jg-dj1a-9qd5" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kxnm-y19k-mqg2" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-m83v-51cy-uqar" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qfw5-3tdu-x7g4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-r7nh-arcj-8fb3" }, { "vulnerability": "VCID-rbjk-3gcs-2qb5" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rf6p-ct86-5bgz" }, { "vulnerability": "VCID-ruru-fwmn-5kes" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-s5e2-d6n8-kkbr" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4r1-yr69-uuf6" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zt9b-9sjx-7qb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2024-34102", "GHSA-m8cj-3v68-3cxj" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ayfe-5a7g-u7b7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56637?format=api", "vulnerability_id": "VCID-b3cn-pjp3-4yhm", "summary": "Magento Business Logic Error vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Business Logic Error vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to circumvent intended security mechanisms by manipulating the logic of the application's operations causing limited data modification. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24425", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.48014", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24425" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:51:39Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24425", "reference_id": "CVE-2025-24425", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24425" }, { "reference_url": "https://github.com/advisories/GHSA-6ff8-jrfg-43hh", "reference_id": "GHSA-6ff8-jrfg-43hh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6ff8-jrfg-43hh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84086?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/84085?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/84084?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/84083?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/84090?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24425", "GHSA-6ff8-jrfg-43hh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b3cn-pjp3-4yhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45954?format=api", "vulnerability_id": "VCID-b5hn-f1qk-z7cu", "summary": "Magento improper access control vulnerability within Magento's Media Gallery Upload workflow\nMagento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper access control vulnerability within Magento's Media Gallery Upload workflow. By storing a specially crafted file in the website gallery, an authenticated attacker with administrative privilege can gain access to delete the .htaccess file. This could result in the attacker achieving remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36036", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01566", "scoring_system": "epss", "scoring_elements": "0.81845", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01566", "scoring_system": "epss", "scoring_elements": "0.81879", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36036" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:52:37Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36036", "reference_id": "CVE-2021-36036", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36036" }, { "reference_url": "https://github.com/advisories/GHSA-wqr6-wv6c-p8fx", "reference_id": "GHSA-wqr6-wv6c-p8fx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wqr6-wv6c-p8fx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66777?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/274968?format=api", "purl": "pkg:composer/magento/community-edition@2.4.0-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.0-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66778?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/66997?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p1" } ], "aliases": [ "CVE-2021-36036", "GHSA-wqr6-wv6c-p8fx" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b5hn-f1qk-z7cu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55686?format=api", "vulnerability_id": "VCID-b9ry-u6qy-j7cc", "summary": "Magento Improper Authorization leads to Security feature bypass\nMagento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39417", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54196", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39417" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:09:31Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39417", "reference_id": "CVE-2024-39417", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39417" }, { "reference_url": "https://github.com/advisories/GHSA-4xmj-f664-hv98", "reference_id": "GHSA-4xmj-f664-hv98", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4xmj-f664-hv98" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82410?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p10" }, { "url": "http://public2.vulnerablecode.io/api/packages/82409?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/82408?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/82407?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2" } ], "aliases": [ "CVE-2024-39417", "GHSA-4xmj-f664-hv98" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b9ry-u6qy-j7cc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55994?format=api", "vulnerability_id": "VCID-bch8-kq49-skhm", "summary": "Magento Open Source reflected Cross-Site Scripting (XSS) vulnerability\nMagento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45123", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01248", "scoring_system": "epss", "scoring_elements": "0.79671", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45123" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:55:45Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45123", "reference_id": "CVE-2024-45123", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45123" }, { "reference_url": "https://github.com/advisories/GHSA-88x2-cq34-5fwc", "reference_id": "GHSA-88x2-cq34-5fwc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-88x2-cq34-5fwc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82921?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/82920?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10" }, { "url": "http://public2.vulnerablecode.io/api/packages/82919?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/82918?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/70850?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45123", "GHSA-88x2-cq34-5fwc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bch8-kq49-skhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55365?format=api", "vulnerability_id": "VCID-bera-73sm-bbh7", "summary": "Magento Open Source Incorrect Authorization vulnerability\nAdobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access or perform actions with the privileges of another user. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34106", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.71367", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34106" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799" }, { "reference_url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2" }, { "reference_url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c" }, { "reference_url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-13T16:21:10Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34106", "reference_id": "CVE-2024-34106", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34106" }, { "reference_url": "https://github.com/advisories/GHSA-p6h9-gx5g-wg64", "reference_id": "GHSA-p6h9-gx5g-wg64", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p6h9-gx5g-wg64" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81855?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/81854?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/81853?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/67320?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b4jg-dj1a-9qd5" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kxnm-y19k-mqg2" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-m83v-51cy-uqar" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qfw5-3tdu-x7g4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-r7nh-arcj-8fb3" }, { "vulnerability": "VCID-rbjk-3gcs-2qb5" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rf6p-ct86-5bgz" }, { "vulnerability": "VCID-ruru-fwmn-5kes" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-s5e2-d6n8-kkbr" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4r1-yr69-uuf6" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zt9b-9sjx-7qb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2024-34106", "GHSA-p6h9-gx5g-wg64" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bera-73sm-bbh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55688?format=api", "vulnerability_id": "VCID-bkpz-ratd-e7ab", "summary": "Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability\nMagento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor unauthorised actions on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39410", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00515", "scoring_system": "epss", "scoring_elements": "0.67001", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39410" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:09:47Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39410", "reference_id": "CVE-2024-39410", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39410" }, { "reference_url": "https://github.com/advisories/GHSA-4323-f82v-f6jr", "reference_id": "GHSA-4323-f82v-f6jr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4323-f82v-f6jr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82410?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p10" }, { "url": "http://public2.vulnerablecode.io/api/packages/82409?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/82408?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/67320?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b4jg-dj1a-9qd5" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kxnm-y19k-mqg2" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-m83v-51cy-uqar" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qfw5-3tdu-x7g4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-r7nh-arcj-8fb3" }, { "vulnerability": "VCID-rbjk-3gcs-2qb5" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rf6p-ct86-5bgz" }, { "vulnerability": "VCID-ruru-fwmn-5kes" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-s5e2-d6n8-kkbr" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4r1-yr69-uuf6" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zt9b-9sjx-7qb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/82407?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2" } ], "aliases": [ "CVE-2024-39410", "GHSA-4323-f82v-f6jr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bkpz-ratd-e7ab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55364?format=api", "vulnerability_id": "VCID-bzyh-c5tm-j7dn", "summary": "Magento Open Source Cross-Site Scripting (XSS) vulnerability\nAdobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34105", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01961", "scoring_system": "epss", "scoring_elements": "0.83856", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34105" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799" }, { "reference_url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2" }, { "reference_url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c" }, { "reference_url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-13T16:04:12Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34105", "reference_id": "CVE-2024-34105", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34105" }, { "reference_url": "https://github.com/advisories/GHSA-5632-wq7m-gfq9", "reference_id": "GHSA-5632-wq7m-gfq9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5632-wq7m-gfq9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81855?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/81854?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/81853?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/67320?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b4jg-dj1a-9qd5" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kxnm-y19k-mqg2" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-m83v-51cy-uqar" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qfw5-3tdu-x7g4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-r7nh-arcj-8fb3" }, { "vulnerability": "VCID-rbjk-3gcs-2qb5" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rf6p-ct86-5bgz" }, { "vulnerability": "VCID-ruru-fwmn-5kes" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-s5e2-d6n8-kkbr" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4r1-yr69-uuf6" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zt9b-9sjx-7qb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2024-34105", "GHSA-5632-wq7m-gfq9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bzyh-c5tm-j7dn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111727?format=api", "vulnerability_id": "VCID-c1ta-jffg-cfg9", "summary": "Magento XML Injection vulnerability in the Widgets Update Layout\nMagento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36022", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11326", "scoring_system": "epss", "scoring_elements": "0.93679", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.11326", "scoring_system": "epss", "scoring_elements": "0.93688", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36022" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36022", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36022" }, { "reference_url": "https://github.com/advisories/GHSA-3x9x-vhqj-cv27", "reference_id": "GHSA-3x9x-vhqj-cv27", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3x9x-vhqj-cv27" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66777?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/274968?format=api", "purl": "pkg:composer/magento/community-edition@2.4.0-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.0-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66778?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/66997?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p1" } ], "aliases": [ "CVE-2021-36022", "GHSA-3x9x-vhqj-cv27" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c1ta-jffg-cfg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111467?format=api", "vulnerability_id": "VCID-c4mx-9727-nfgs", "summary": "Magento stored cross-site scripting (XSS) in the customer address upload feature\nMagento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a stored cross-site scripting (XSS) in the customer address upload feature. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Exploitation of this issue requires user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21030", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06281", "scoring_system": "epss", "scoring_elements": "0.9109", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06281", "scoring_system": "epss", "scoring_elements": "0.91103", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21030" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21030", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21030" }, { "reference_url": "https://github.com/advisories/GHSA-6988-g89m-27vf", "reference_id": "GHSA-6988-g89m-27vf", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6988-g89m-27vf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77892?format=api", "purl": "pkg:composer/magento/community-edition@2.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/79754?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1-p1" } ], "aliases": [ "CVE-2021-21030", "GHSA-6988-g89m-27vf" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c4mx-9727-nfgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111502?format=api", "vulnerability_id": "VCID-cae3-fgn1-83hu", "summary": "Magento incorrect permissions vulnerability in the Integrations component\nMagento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability in the Integrations component. This vulnerability could be abused by authenticated users with permissions to the Resource Access API to delete customer details via the REST API without authorization.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24402", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40758", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40836", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24402" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24402", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24402" }, { "reference_url": "https://github.com/advisories/GHSA-hvf5-4jr9-fghh", "reference_id": "GHSA-hvf5-4jr9-fghh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hvf5-4jr9-fghh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77892?format=api", "purl": "pkg:composer/magento/community-edition@2.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/78954?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1" } ], "aliases": [ "CVE-2020-24402", "GHSA-hvf5-4jr9-fghh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cae3-fgn1-83hu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48026?format=api", "vulnerability_id": "VCID-cafy-5dd8-rudj", "summary": "Magento allows incorrect authorization\nMagento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54265", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29548", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54265" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T20:35:42Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54265", "reference_id": "CVE-2025-54265", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54265" }, { "reference_url": "https://github.com/advisories/GHSA-r355-75hw-r8jf", "reference_id": "GHSA-r355-75hw-r8jf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r355-75hw-r8jf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/70856?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p13" }, { "url": "http://public2.vulnerablecode.io/api/packages/70855?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/70854?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/70853?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3" } ], "aliases": [ "CVE-2025-54265", "GHSA-r355-75hw-r8jf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cafy-5dd8-rudj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58128?format=api", "vulnerability_id": "VCID-ccx1-qacj-2qev", "summary": "Magento Community Edition Improper Input Validation vulnerability\nAdobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact to high. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54236", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.72152", "scoring_system": "epss", "scoring_elements": "0.98771", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54236" }, { "reference_url": "https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-88.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-24T14:08:30Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-88.html" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54236", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54236" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54236", "reference_id": "CVE-2025-54236", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54236" }, { "reference_url": "https://nullsecurityx.codes/cve-2025-54236-sessionreaper-unauthenticated-rce-in-magento", "reference_id": "CVE-2025-54236-SESSIONREAPER-UNAUTHENTICATED-RCE-IN-MAGENTO", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nullsecurityx.codes/cve-2025-54236-sessionreaper-unauthenticated-rce-in-magento" }, { "reference_url": "https://github.com/advisories/GHSA-wh92-6q6g-px7j", "reference_id": "GHSA-wh92-6q6g-px7j", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wh92-6q6g-px7j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64407?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2h52-3pt6-dfcw" }, { "vulnerability": "VCID-3et4-3zad-1qfn" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-525q-afzj-tkcp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7s7e-adr6-h3dc" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-az2w-5xhy-5fe4" }, { "vulnerability": "VCID-b4jg-dj1a-9qd5" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-cgwk-hn4t-n7c1" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-dx43-89w9-a7dg" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-fzam-yuyg-qyd5" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-j124-q39m-mkby" }, { "vulnerability": "VCID-j5vp-2jrx-ukf4" }, { "vulnerability": "VCID-jhd5-tqph-3ufu" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kxnm-y19k-mqg2" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-m83v-51cy-uqar" }, { "vulnerability": "VCID-msac-ptqf-pyg1" }, { "vulnerability": "VCID-mtr5-suag-2bdj" }, { "vulnerability": "VCID-p222-28c1-vfhy" }, { "vulnerability": "VCID-qfw5-3tdu-x7g4" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-r7nh-arcj-8fb3" }, { "vulnerability": "VCID-rbjk-3gcs-2qb5" }, { "vulnerability": "VCID-rf6p-ct86-5bgz" }, { "vulnerability": "VCID-ruru-fwmn-5kes" }, { "vulnerability": "VCID-s5e2-d6n8-kkbr" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-w3zd-fezc-nuhd" }, { "vulnerability": "VCID-wjfe-wh5k-1qft" }, { "vulnerability": "VCID-ws6y-k3tx-r3gb" }, { "vulnerability": "VCID-x46d-a16g-nkg9" }, { "vulnerability": "VCID-y4r1-yr69-uuf6" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-yuvf-e7hk-kqf9" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-zt9b-9sjx-7qb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/66493?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b4jg-dj1a-9qd5" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-j124-q39m-mkby" }, { "vulnerability": "VCID-j5vp-2jrx-ukf4" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kxnm-y19k-mqg2" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-m83v-51cy-uqar" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-msac-ptqf-pyg1" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p222-28c1-vfhy" }, { "vulnerability": "VCID-qfw5-3tdu-x7g4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-r7nh-arcj-8fb3" }, { "vulnerability": "VCID-rbjk-3gcs-2qb5" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rf6p-ct86-5bgz" }, { "vulnerability": "VCID-ruru-fwmn-5kes" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-s5e2-d6n8-kkbr" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4r1-yr69-uuf6" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zt9b-9sjx-7qb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p2" } ], "aliases": [ "CVE-2025-54236", "GHSA-wh92-6q6g-px7j" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ccx1-qacj-2qev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111557?format=api", "vulnerability_id": "VCID-cfjt-51xj-qqdw", "summary": "Magento is affected by an improper input validation vulnerability while saving a customer's details\nMagento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability while saving a customer's details with a specially crafted file. An authenticated attacker with admin privileges can leverage this vulnerability to achieve remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36025", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05476", "scoring_system": "epss", "scoring_elements": "0.90365", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05476", "scoring_system": "epss", "scoring_elements": "0.9038", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36025" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36025", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36025" }, { "reference_url": "https://github.com/advisories/GHSA-gvfx-9m9v-h839", "reference_id": "GHSA-gvfx-9m9v-h839", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gvfx-9m9v-h839" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66777?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/274968?format=api", "purl": "pkg:composer/magento/community-edition@2.4.0-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.0-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66778?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/66997?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p1" } ], "aliases": [ "CVE-2021-36025", "GHSA-gvfx-9m9v-h839" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cfjt-51xj-qqdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57822?format=api", "vulnerability_id": "VCID-cm2a-1yc5-v3cy", "summary": "Magento has incorrect authorization issue that leads to arbitrary file system read\nMagento versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction, and scope is unchanged.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49556", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50269", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49556" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-13T14:18:25Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49556", "reference_id": "CVE-2025-49556", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49556" }, { "reference_url": "https://github.com/advisories/GHSA-7hrj-3c9x-xv5h", "reference_id": "GHSA-7hrj-3c9x-xv5h", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7hrj-3c9x-xv5h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86026?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p14" }, { "url": "http://public2.vulnerablecode.io/api/packages/86025?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/86024?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/86023?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/86022?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2" } ], "aliases": [ "CVE-2025-49556", "GHSA-7hrj-3c9x-xv5h" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cm2a-1yc5-v3cy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55689?format=api", "vulnerability_id": "VCID-cqjn-3z6n-sff1", "summary": "Magento Improper Authorization leads to Security feature bypass\nMagento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39416", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55365", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39416" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:11:27Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39416", "reference_id": "CVE-2024-39416", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39416" }, { "reference_url": "https://github.com/advisories/GHSA-4xgg-rw35-7mv5", "reference_id": "GHSA-4xgg-rw35-7mv5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4xgg-rw35-7mv5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82410?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p10" }, { "url": "http://public2.vulnerablecode.io/api/packages/82409?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/82408?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/82407?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2" } ], "aliases": [ "CVE-2024-39416", "GHSA-4xgg-rw35-7mv5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cqjn-3z6n-sff1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56643?format=api", "vulnerability_id": "VCID-d6mk-hg8h-7qbc", "summary": "Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race condition to alter a condition after it has been checked but before it is used, potentially bypassing security mechanisms. Exploitation of this issue requires user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24432", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27789", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24432" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T19:09:50Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24432", "reference_id": "CVE-2025-24432", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24432" }, { "reference_url": "https://github.com/advisories/GHSA-7jmr-43qj-pw47", "reference_id": "GHSA-7jmr-43qj-pw47", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7jmr-43qj-pw47" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84086?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/84085?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/84084?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/84083?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/84090?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24432", "GHSA-7jmr-43qj-pw47" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d6mk-hg8h-7qbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48032?format=api", "vulnerability_id": "VCID-dj5a-35gt-u7dn", "summary": "Magento vulnerable to privilege escalation due to incorrect authorization\nMagento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to elevated privileges that increase integrity impact to high. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54267", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20523", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54267" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-16T03:56:04Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54267", "reference_id": "CVE-2025-54267", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54267" }, { "reference_url": "https://github.com/advisories/GHSA-qvwr-p3hj-j6jf", "reference_id": "GHSA-qvwr-p3hj-j6jf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qvwr-p3hj-j6jf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/70856?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p13" }, { "url": "http://public2.vulnerablecode.io/api/packages/70855?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/70854?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/70853?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3" } ], "aliases": [ "CVE-2025-54267", "GHSA-qvwr-p3hj-j6jf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dj5a-35gt-u7dn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/108762?format=api", "vulnerability_id": "VCID-dpm5-tmsy-2bez", "summary": "Magento Improper input validation vulnerability\nAdobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42344", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.39758", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.39844", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42344" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb22-38.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb22-38.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42344", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42344" }, { "reference_url": "https://github.com/advisories/GHSA-297f-r9w7-w492", "reference_id": "GHSA-297f-r9w7-w492", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-297f-r9w7-w492" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/144516?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/66776?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/144517?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/66998?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/64406?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2h52-3pt6-dfcw" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3et4-3zad-1qfn" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-525q-afzj-tkcp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7ewa-w75h-qfdy" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-7s7e-adr6-h3dc" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-az2w-5xhy-5fe4" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b4jg-dj1a-9qd5" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cgwk-hn4t-n7c1" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d2ab-j8bf-e7dx" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-dx43-89w9-a7dg" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzam-yuyg-qyd5" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hh8a-mgkk-3yb5" }, { "vulnerability": "VCID-j124-q39m-mkby" }, { "vulnerability": "VCID-j5vp-2jrx-ukf4" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jhd5-tqph-3ufu" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kxnm-y19k-mqg2" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-m83v-51cy-uqar" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-msac-ptqf-pyg1" }, { "vulnerability": "VCID-mtr5-suag-2bdj" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p222-28c1-vfhy" }, { "vulnerability": "VCID-qfw5-3tdu-x7g4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-r7nh-arcj-8fb3" }, { "vulnerability": "VCID-rbjk-3gcs-2qb5" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rf6p-ct86-5bgz" }, { "vulnerability": "VCID-ruru-fwmn-5kes" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-s5e2-d6n8-kkbr" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-upcj-z3c1-ubcf" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w3zd-fezc-nuhd" }, { "vulnerability": "VCID-wjfe-wh5k-1qft" }, { "vulnerability": "VCID-ws6y-k3tx-r3gb" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-x46d-a16g-nkg9" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4r1-yr69-uuf6" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yuvf-e7hk-kqf9" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zt9b-9sjx-7qb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5" } ], "aliases": [ "CVE-2022-42344", "GHSA-297f-r9w7-w492" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dpm5-tmsy-2bez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53776?format=api", "vulnerability_id": "VCID-dqkx-knjf-47hh", "summary": "SQL Injection\nMagento This vulnerability could be exploited by an authenticated user with permissions to the product listing page to read data from the database.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24400", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49295", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49356", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24400" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24400", "reference_id": "CVE-2020-24400", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24400" }, { "reference_url": "https://github.com/advisories/GHSA-pf6w-3pfw-fxvw", "reference_id": "GHSA-pf6w-3pfw-fxvw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pf6w-3pfw-fxvw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77892?format=api", "purl": "pkg:composer/magento/community-edition@2.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/78954?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1" } ], "aliases": [ "CVE-2020-24400", "GHSA-pf6w-3pfw-fxvw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dqkx-knjf-47hh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55700?format=api", "vulnerability_id": "VCID-du16-f2wp-t3cw", "summary": "Magento Open Source Improper Authorization vulnerability\nMagento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39412", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50575", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39412" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:11:56Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39412", "reference_id": "CVE-2024-39412", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39412" }, { "reference_url": "https://github.com/advisories/GHSA-7472-vw39-g2j3", "reference_id": "GHSA-7472-vw39-g2j3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7472-vw39-g2j3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82410?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p10" }, { "url": "http://public2.vulnerablecode.io/api/packages/82409?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/82408?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/67320?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b4jg-dj1a-9qd5" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kxnm-y19k-mqg2" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-m83v-51cy-uqar" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qfw5-3tdu-x7g4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-r7nh-arcj-8fb3" }, { "vulnerability": "VCID-rbjk-3gcs-2qb5" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rf6p-ct86-5bgz" }, { "vulnerability": "VCID-ruru-fwmn-5kes" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-s5e2-d6n8-kkbr" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4r1-yr69-uuf6" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zt9b-9sjx-7qb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/82407?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2" } ], "aliases": [ "CVE-2024-39412", "GHSA-7472-vw39-g2j3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-du16-f2wp-t3cw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55357?format=api", "vulnerability_id": "VCID-dur2-pfke-h7hf", "summary": "Magento Open Source Improper Access Control vulnerability\nAdobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34107", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00729", "scoring_system": "epss", "scoring_elements": "0.73067", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34107" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799" }, { "reference_url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2" }, { "reference_url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c" }, { "reference_url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-06-14T13:30:50Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34107", "reference_id": "CVE-2024-34107", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34107" }, { "reference_url": "https://github.com/advisories/GHSA-r7cm-g469-wm4g", "reference_id": "GHSA-r7cm-g469-wm4g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r7cm-g469-wm4g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81855?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/81854?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/81853?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/67320?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b4jg-dj1a-9qd5" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kxnm-y19k-mqg2" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-m83v-51cy-uqar" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qfw5-3tdu-x7g4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-r7nh-arcj-8fb3" }, { "vulnerability": "VCID-rbjk-3gcs-2qb5" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rf6p-ct86-5bgz" }, { "vulnerability": "VCID-ruru-fwmn-5kes" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-s5e2-d6n8-kkbr" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4r1-yr69-uuf6" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zt9b-9sjx-7qb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2024-34107", "GHSA-r7cm-g469-wm4g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dur2-pfke-h7hf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54064?format=api", "vulnerability_id": "VCID-e7k8-hmqe-wufh", "summary": "Magento is vulnerable to SQL Injection. Successful exploitation could lead to unauthorized access to restricted resources by an unauthenticated attacker. Access to the admin console is required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21024", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02071", "scoring_system": "epss", "scoring_elements": "0.84262", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02071", "scoring_system": "epss", "scoring_elements": "0.84285", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21024" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21024", "reference_id": "CVE-2021-21024", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21024" }, { "reference_url": "https://github.com/advisories/GHSA-rj4f-cp4v-hvcv", "reference_id": "GHSA-rj4f-cp4v-hvcv", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rj4f-cp4v-hvcv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/151862?format=api", "purl": "pkg:composer/magento/community-edition@2.3.6-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.6-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/77892?format=api", "purl": "pkg:composer/magento/community-edition@2.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/79754?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1-p1" } ], "aliases": [ "CVE-2021-21024", "GHSA-rj4f-cp4v-hvcv" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e7k8-hmqe-wufh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55363?format=api", "vulnerability_id": "VCID-e7zd-dn28-4bf1", "summary": "Magento Open Source Improper Authentication vulnerability\nAdobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction, but attack complexity is high.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34103", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01824", "scoring_system": "epss", "scoring_elements": "0.83255", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34103" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799" }, { "reference_url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2" }, { "reference_url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c" }, { "reference_url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-14T03:55:29Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34103", "reference_id": "CVE-2024-34103", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34103" }, { "reference_url": "https://github.com/advisories/GHSA-f7q4-9gwv-6774", "reference_id": "GHSA-f7q4-9gwv-6774", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f7q4-9gwv-6774" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81855?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/81854?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/81853?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/67320?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b4jg-dj1a-9qd5" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kxnm-y19k-mqg2" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-m83v-51cy-uqar" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qfw5-3tdu-x7g4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-r7nh-arcj-8fb3" }, { "vulnerability": "VCID-rbjk-3gcs-2qb5" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rf6p-ct86-5bgz" }, { "vulnerability": "VCID-ruru-fwmn-5kes" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-s5e2-d6n8-kkbr" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4r1-yr69-uuf6" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zt9b-9sjx-7qb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2024-34103", "GHSA-f7q4-9gwv-6774" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e7zd-dn28-4bf1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55989?format=api", "vulnerability_id": "VCID-eahe-s41f-ckc1", "summary": "Magento Open Source Cross-Site Scripting (XSS) vulnerability\nMagento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. If an admin attacker can trick a user into clicking a specially crafted link or submitting a form, malicious scripts may be executed within the context of the victim's browser and have high impact on confidentiality and integrity. Exploitation of this issue requires user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45116", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01833", "scoring_system": "epss", "scoring_elements": "0.83292", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45116" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "6.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "6.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-10T13:56:29Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45116", "reference_id": "CVE-2024-45116", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "6.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45116" }, { "reference_url": "https://github.com/advisories/GHSA-873m-72g6-853g", "reference_id": "GHSA-873m-72g6-853g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-873m-72g6-853g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82921?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/82920?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10" }, { "url": "http://public2.vulnerablecode.io/api/packages/82919?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/82918?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/70850?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45116", "GHSA-873m-72g6-853g" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eahe-s41f-ckc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112485?format=api", "vulnerability_id": "VCID-ed87-d3y2-wfck", "summary": "Magento improper authorization vulnerability in the integrations module\nMagento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by an improper authorization vulnerability in the integrations module. Successful exploitation could lead to unauthorized access to restricted resources by an unauthenticated attacker. Access to the admin console is required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21026", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.72008", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71969", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21026" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/a2eb7e29ea92a8bbc86c3b6b81b59d8533088497", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a2eb7e29ea92a8bbc86c3b6b81b59d8533088497" }, { "reference_url": "https://github.com/magento/magento2/commit/a349e022c9ae070e7da262021f9ef182105aa00b", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a349e022c9ae070e7da262021f9ef182105aa00b" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21026", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21026" }, { "reference_url": "https://github.com/advisories/GHSA-crjc-2v9m-8w7r", "reference_id": "GHSA-crjc-2v9m-8w7r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-crjc-2v9m-8w7r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/151862?format=api", "purl": "pkg:composer/magento/community-edition@2.3.6-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.6-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/58955?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2" } ], "aliases": [ "CVE-2021-21026", "GHSA-crjc-2v9m-8w7r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ed87-d3y2-wfck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57095?format=api", "vulnerability_id": "VCID-egy6-nku7-zyap", "summary": "Magento Improper Access Control leads to Security feature bypass\nMagento versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27191", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50333", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27191" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:53:08Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27191", "reference_id": "CVE-2025-27191", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27191" }, { "reference_url": "https://github.com/advisories/GHSA-vhcq-4xrm-2cr2", "reference_id": "GHSA-vhcq-4xrm-2cr2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vhcq-4xrm-2cr2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84773?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p13" }, { "url": "http://public2.vulnerablecode.io/api/packages/84774?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/84775?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p10" }, { "url": "http://public2.vulnerablecode.io/api/packages/84776?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p5" }, { "url": "http://public2.vulnerablecode.io/api/packages/84090?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-27191", "GHSA-vhcq-4xrm-2cr2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-egy6-nku7-zyap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111366?format=api", "vulnerability_id": "VCID-er49-k3tc-ufcu", "summary": "Magento allows attackers to alter the price of items\nMagento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability during the checkout process. An unauthenticated attacker can leverage this vulnerability to alter the price of items.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36030", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01428", "scoring_system": "epss", "scoring_elements": "0.80981", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01428", "scoring_system": "epss", "scoring_elements": "0.8101", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36030" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36030", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36030" }, { "reference_url": "https://github.com/advisories/GHSA-rhff-65hp-55rw", "reference_id": "GHSA-rhff-65hp-55rw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rhff-65hp-55rw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66777?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/274968?format=api", "purl": "pkg:composer/magento/community-edition@2.4.0-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.0-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66778?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/66997?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p1" } ], "aliases": [ "CVE-2021-36030", "GHSA-rhff-65hp-55rw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-er49-k3tc-ufcu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55998?format=api", "vulnerability_id": "VCID-evth-swm9-k3de", "summary": "Magento Open Source Improper Access Control vulnerability\nMagento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45121", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24943", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45121" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:55:50Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45121", "reference_id": "CVE-2024-45121", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45121" }, { "reference_url": "https://github.com/advisories/GHSA-2qhq-fw98-h6wg", "reference_id": "GHSA-2qhq-fw98-h6wg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2qhq-fw98-h6wg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82921?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/82920?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10" }, { "url": "http://public2.vulnerablecode.io/api/packages/82919?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/82918?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/70850?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45121", "GHSA-2qhq-fw98-h6wg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-evth-swm9-k3de" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57814?format=api", "vulnerability_id": "VCID-eygc-ra9u-gyej", "summary": "Magento Cross-Site Request Forgery (CSRF) vulnerability\nMagento versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege escalation. A high-privileged attacker could trick a victim into executing unintended actions on a web application where the victim is authenticated, potentially allowing unauthorized access or modification of sensitive data. Exploitation of this issue requires user interaction in that a victim must visit a malicious website or click on a crafted link. Scope is changed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49555", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.2931", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49555" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-13T15:04:10Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49555", "reference_id": "CVE-2025-49555", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49555" }, { "reference_url": "https://github.com/advisories/GHSA-5777-jj7p-mpqw", "reference_id": "GHSA-5777-jj7p-mpqw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5777-jj7p-mpqw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86026?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p14" }, { "url": "http://public2.vulnerablecode.io/api/packages/86025?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/86024?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/86023?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/86022?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2" } ], "aliases": [ "CVE-2025-49555", "GHSA-5777-jj7p-mpqw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eygc-ra9u-gyej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112124?format=api", "vulnerability_id": "VCID-f5ef-53gt-nbcu", "summary": "Magento command injection vulnerability\nMagento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9583", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.031", "scoring_system": "epss", "scoring_elements": "0.87045", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.031", "scoring_system": "epss", "scoring_elements": "0.87067", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9583" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9583", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9583" }, { "reference_url": "https://github.com/advisories/GHSA-c55h-7q4j-g6rq", "reference_id": "GHSA-c55h-7q4j-g6rq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-c55h-7q4j-g6rq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150341?format=api", "purl": "pkg:composer/magento/community-edition@2.3.4-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5t4k-dsf1-6yew" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-87ka-etbj-pfen" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-92tv-nghv-mqf2" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a5rz-y1hu-ubc6" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-dqkx-knjf-47hh" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h4nn-2mrj-g3ds" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hr26-efy6-77dy" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jmhs-9u49-ekbj" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-px1s-dzpe-qbfx" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qq42-4zzt-3kh2" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qx68-8xvf-a7hy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tuw6-hdbp-yqb2" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-vyyk-xq4q-b3bz" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.4-p2" } ], "aliases": [ "CVE-2020-9583", "GHSA-c55h-7q4j-g6rq" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f5ef-53gt-nbcu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53715?format=api", "vulnerability_id": "VCID-fgqe-h7ey-33bd", "summary": "Cross-site Scripting\nThis vulnerability could be abused by an unauthenticated attacker to execute XSS attacks against other Magento users. This vulnerability requires a victim to browse to the uploaded file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24408", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.8022", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.80244", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24408" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24408", "reference_id": "CVE-2020-24408", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24408" }, { "reference_url": "https://github.com/advisories/GHSA-jxjc-6xmh-h7mg", "reference_id": "GHSA-jxjc-6xmh-h7mg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jxjc-6xmh-h7mg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78954?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1" } ], "aliases": [ "CVE-2020-24408", "GHSA-jxjc-6xmh-h7mg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fgqe-h7ey-33bd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56628?format=api", "vulnerability_id": "VCID-fz5y-um7w-63f4", "summary": "Magento Stored Cross-Site Scripting (XSS) Vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24410", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01784", "scoring_system": "epss", "scoring_elements": "0.831", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24410" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:38Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24410", "reference_id": "CVE-2025-24410", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24410" }, { "reference_url": "https://github.com/advisories/GHSA-gjxp-46rq-wg4q", "reference_id": "GHSA-gjxp-46rq-wg4q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gjxp-46rq-wg4q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84086?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/84085?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/84084?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/84083?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/84090?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24410", "GHSA-gjxp-46rq-wg4q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fz5y-um7w-63f4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111945?format=api", "vulnerability_id": "VCID-fz6y-fece-skgr", "summary": "Magento has a file extension restrictions bypass\nMagento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges can upload a specially crafted file to bypass file extension restrictions and could lead to remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36040", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03446", "scoring_system": "epss", "scoring_elements": "0.87714", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03446", "scoring_system": "epss", "scoring_elements": "0.87735", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36040" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36040", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36040" }, { "reference_url": "https://github.com/advisories/GHSA-2pq5-gpqf-g4r3", "reference_id": "GHSA-2pq5-gpqf-g4r3", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2pq5-gpqf-g4r3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66777?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/274968?format=api", "purl": "pkg:composer/magento/community-edition@2.4.0-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.0-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66778?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/66997?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p1" } ], "aliases": [ "CVE-2021-36040", "GHSA-2pq5-gpqf-g4r3" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fz6y-fece-skgr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57819?format=api", "vulnerability_id": "VCID-fzm9-e6bg-r7aw", "summary": "Magento Cross-site Scripting vulnerability\nAdobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. These scripts may be used to escalate privileges within the application or compromise sensitive user data. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49557", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24233", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49557" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-13T15:04:12Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49557", "reference_id": "CVE-2025-49557", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49557" }, { "reference_url": "https://github.com/advisories/GHSA-8mq8-c243-2335", "reference_id": "GHSA-8mq8-c243-2335", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8mq8-c243-2335" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86042?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p15", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p15" }, { "url": "http://public2.vulnerablecode.io/api/packages/65942?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2h52-3pt6-dfcw" }, { "vulnerability": "VCID-3et4-3zad-1qfn" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-525q-afzj-tkcp" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-7ewa-w75h-qfdy" }, { "vulnerability": "VCID-7s7e-adr6-h3dc" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-az2w-5xhy-5fe4" }, { "vulnerability": "VCID-b4jg-dj1a-9qd5" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cgwk-hn4t-n7c1" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d2ab-j8bf-e7dx" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-dx43-89w9-a7dg" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzam-yuyg-qyd5" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hh8a-mgkk-3yb5" }, { "vulnerability": "VCID-j124-q39m-mkby" }, { "vulnerability": "VCID-j5vp-2jrx-ukf4" }, { "vulnerability": "VCID-jhd5-tqph-3ufu" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kxnm-y19k-mqg2" }, { "vulnerability": "VCID-m83v-51cy-uqar" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-msac-ptqf-pyg1" }, { "vulnerability": "VCID-mtr5-suag-2bdj" }, { "vulnerability": "VCID-p222-28c1-vfhy" }, { "vulnerability": "VCID-qfw5-3tdu-x7g4" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-r7nh-arcj-8fb3" }, { "vulnerability": "VCID-rbjk-3gcs-2qb5" }, { "vulnerability": "VCID-rf6p-ct86-5bgz" }, { "vulnerability": "VCID-ruru-fwmn-5kes" }, { "vulnerability": "VCID-s5e2-d6n8-kkbr" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-upcj-z3c1-ubcf" }, { "vulnerability": "VCID-w3zd-fezc-nuhd" }, { "vulnerability": "VCID-wjfe-wh5k-1qft" }, { "vulnerability": "VCID-ws6y-k3tx-r3gb" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-x46d-a16g-nkg9" }, { "vulnerability": "VCID-y4r1-yr69-uuf6" }, { "vulnerability": "VCID-yuvf-e7hk-kqf9" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-zt9b-9sjx-7qb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/86026?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p14" }, { "url": "http://public2.vulnerablecode.io/api/packages/86025?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/86024?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/70852?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha1" } ], "aliases": [ "CVE-2025-49557", "GHSA-8mq8-c243-2335" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fzm9-e6bg-r7aw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56647?format=api", "vulnerability_id": "VCID-gedj-39p5-ubd6", "summary": "Magento Stored Cross-Site Scripting (XSS) Vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24413", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.80247", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24413" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:44Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24413", "reference_id": "CVE-2025-24413", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24413" }, { "reference_url": "https://github.com/advisories/GHSA-xwgx-8v72-4j5j", "reference_id": "GHSA-xwgx-8v72-4j5j", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xwgx-8v72-4j5j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84086?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/84085?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/84084?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/84083?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/84090?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24413", "GHSA-xwgx-8v72-4j5j" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gedj-39p5-ubd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55993?format=api", "vulnerability_id": "VCID-gxj9-a1hc-47de", "summary": "Magento Open Source Improper Access Control vulnerability\nMagento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have high impact on integrity. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45118", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24943", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45118" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:45:03Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45118", "reference_id": "CVE-2024-45118", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45118" }, { "reference_url": "https://github.com/advisories/GHSA-cg52-68fv-94qq", "reference_id": "GHSA-cg52-68fv-94qq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cg52-68fv-94qq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82921?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/82920?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10" }, { "url": "http://public2.vulnerablecode.io/api/packages/82919?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/82918?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/70850?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45118", "GHSA-cg52-68fv-94qq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gxj9-a1hc-47de" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111163?format=api", "vulnerability_id": "VCID-gxnx-f2qh-3yf9", "summary": "Magento discloses sensitive information via the Multishipping Module\nMagento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the Multishipping Module. An authenticated attacker could leverage this vulnerability to achieve sensitive information disclosure.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36038", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01462", "scoring_system": "epss", "scoring_elements": "0.81203", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01462", "scoring_system": "epss", "scoring_elements": "0.81231", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36038" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36038", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36038" }, { "reference_url": "https://github.com/advisories/GHSA-wgpr-9675-8r67", "reference_id": "GHSA-wgpr-9675-8r67", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wgpr-9675-8r67" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66777?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/274968?format=api", "purl": "pkg:composer/magento/community-edition@2.4.0-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.0-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66778?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/66997?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p1" } ], "aliases": [ "CVE-2021-36038", "GHSA-wgpr-9675-8r67" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gxnx-f2qh-3yf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111006?format=api", "vulnerability_id": "VCID-gyj5-abau-uyf6", "summary": "Magento stored cross-site scripting vulnerability in the admin console\nMagento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a stored cross-site scripting vulnerability in the admin console. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Access to the admin console is required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21023", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03783", "scoring_system": "epss", "scoring_elements": "0.88271", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03783", "scoring_system": "epss", "scoring_elements": "0.8829", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21023" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21023", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21023" }, { "reference_url": "https://github.com/advisories/GHSA-h5rm-m772-6qcx", "reference_id": "GHSA-h5rm-m772-6qcx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h5rm-m772-6qcx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77892?format=api", "purl": "pkg:composer/magento/community-edition@2.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/79754?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1-p1" } ], "aliases": [ "CVE-2021-21023", "GHSA-h5rm-m772-6qcx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gyj5-abau-uyf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53773?format=api", "vulnerability_id": "VCID-h4nn-2mrj-g3ds", "summary": "Improper Authorization\nMagento This vulnerability could be abused by users with permissions to the Pages resource to delete cms pages via the REST API without authorization.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24404", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50929", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50991", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24404" }, { "reference_url": "https://devdocs.magento.com/guides/v2.3/release-notes/open-source-2-3-6.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://devdocs.magento.com/guides/v2.3/release-notes/open-source-2-3-6.html" }, { "reference_url": "https://experienceleague.adobe.com/docs/commerce-operations/release/notes/magento-open-source/2-4-1.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://experienceleague.adobe.com/docs/commerce-operations/release/notes/magento-open-source/2-4-1.html" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24404", "reference_id": "CVE-2020-24404", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24404" }, { "reference_url": "https://github.com/advisories/GHSA-rwf7-652f-76mv", "reference_id": "GHSA-rwf7-652f-76mv", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rwf7-652f-76mv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77892?format=api", "purl": "pkg:composer/magento/community-edition@2.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/78954?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1" } ], "aliases": [ "CVE-2020-24404", "GHSA-rwf7-652f-76mv" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h4nn-2mrj-g3ds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54068?format=api", "vulnerability_id": "VCID-h64s-51sc-huga", "summary": "XPath Injection\nMagento is vulnerable to XML injection in the Widgets module. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21019", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04035", "scoring_system": "epss", "scoring_elements": "0.887", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04035", "scoring_system": "epss", "scoring_elements": "0.88716", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21019" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21019", "reference_id": "CVE-2021-21019", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21019" }, { "reference_url": "https://github.com/advisories/GHSA-mw95-gmw4-883p", "reference_id": "GHSA-mw95-gmw4-883p", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mw95-gmw4-883p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/151862?format=api", "purl": "pkg:composer/magento/community-edition@2.3.6-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.6-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/77892?format=api", "purl": "pkg:composer/magento/community-edition@2.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/79754?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1-p1" } ], "aliases": [ "CVE-2021-21019", "GHSA-mw95-gmw4-883p" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h64s-51sc-huga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56622?format=api", "vulnerability_id": "VCID-hbau-7tvg-cygz", "summary": "Magento Improper Access Control vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24429", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39685", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24429" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:48:50Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24429", "reference_id": "CVE-2025-24429", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24429" }, { "reference_url": "https://github.com/advisories/GHSA-656q-fx2w-8ccv", "reference_id": "GHSA-656q-fx2w-8ccv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-656q-fx2w-8ccv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84086?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/84085?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/84084?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/84083?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/84090?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24429", "GHSA-656q-fx2w-8ccv" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hbau-7tvg-cygz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55361?format=api", "vulnerability_id": "VCID-hfbb-ax6r-tbaz", "summary": "Magento Open Source Server-Side Request Forgery (SSRF) vulnerability\nAdobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted request to the server, which could then cause the server to execute arbitrary code. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34111", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00759", "scoring_system": "epss", "scoring_elements": "0.73715", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34111" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799" }, { "reference_url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2" }, { "reference_url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c" }, { "reference_url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-13T21:18:03Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34111", "reference_id": "CVE-2024-34111", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34111" }, { "reference_url": "https://github.com/advisories/GHSA-jmqp-r3gg-6jh3", "reference_id": "GHSA-jmqp-r3gg-6jh3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jmqp-r3gg-6jh3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81855?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/81854?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/81853?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/67320?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b4jg-dj1a-9qd5" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kxnm-y19k-mqg2" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-m83v-51cy-uqar" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qfw5-3tdu-x7g4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-r7nh-arcj-8fb3" }, { "vulnerability": "VCID-rbjk-3gcs-2qb5" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rf6p-ct86-5bgz" }, { "vulnerability": "VCID-ruru-fwmn-5kes" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-s5e2-d6n8-kkbr" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4r1-yr69-uuf6" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zt9b-9sjx-7qb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2024-34111", "GHSA-jmqp-r3gg-6jh3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hfbb-ax6r-tbaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112481?format=api", "vulnerability_id": "VCID-hspp-kw5e-akbr", "summary": "Magento vulnerable to file upload attack\nMagento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges could upload a specially crafted file in the 'pub/media` directory could lead to remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36041", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05476", "scoring_system": "epss", "scoring_elements": "0.90365", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05476", "scoring_system": "epss", "scoring_elements": "0.9038", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36041" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36041", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36041" }, { "reference_url": "https://github.com/advisories/GHSA-mx5m-j5xr-jg8c", "reference_id": "GHSA-mx5m-j5xr-jg8c", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mx5m-j5xr-jg8c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66777?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/274968?format=api", "purl": "pkg:composer/magento/community-edition@2.4.0-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.0-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66778?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/66997?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p1" } ], "aliases": [ "CVE-2021-36041", "GHSA-mx5m-j5xr-jg8c" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hspp-kw5e-akbr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54067?format=api", "vulnerability_id": "VCID-hufp-fajk-n7gu", "summary": "OS Command Injection\nMagento is vulnerable to OS command injection via the scheduled operation module. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21018", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06906", "scoring_system": "epss", "scoring_elements": "0.9155", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06906", "scoring_system": "epss", "scoring_elements": "0.91563", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21018" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21018", "reference_id": "CVE-2021-21018", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21018" }, { "reference_url": "https://github.com/advisories/GHSA-rv48-v862-mp92", "reference_id": "GHSA-rv48-v862-mp92", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rv48-v862-mp92" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77892?format=api", "purl": "pkg:composer/magento/community-edition@2.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/79754?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1-p1" } ], "aliases": [ "CVE-2021-21018", "GHSA-rv48-v862-mp92" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hufp-fajk-n7gu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57100?format=api", "vulnerability_id": "VCID-j6ss-8f4e-e7g2", "summary": "Magento does not properly protect credentials\nMagento versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to protected resources by obtaining sensitive credential information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27192", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.2817", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27192" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:53:23Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27192", "reference_id": "CVE-2025-27192", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27192" }, { "reference_url": "https://github.com/advisories/GHSA-2r94-wm5v-4prx", "reference_id": "GHSA-2r94-wm5v-4prx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2r94-wm5v-4prx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84773?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p13" }, { "url": "http://public2.vulnerablecode.io/api/packages/84774?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/84775?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p10" }, { "url": "http://public2.vulnerablecode.io/api/packages/84776?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p5" }, { "url": "http://public2.vulnerablecode.io/api/packages/84090?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-27192", "GHSA-2r94-wm5v-4prx" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j6ss-8f4e-e7g2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111185?format=api", "vulnerability_id": "VCID-j77a-cqsd-wuf1", "summary": "Magento Insufficient Session Expiration\nMagento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) do not adequately invalidate user sessions. Successful exploitation of this issue could lead to unauthorized access to restricted resources. Access to the admin console is not required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21032", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38019", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38109", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21032" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21032", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21032" }, { "reference_url": "https://github.com/advisories/GHSA-4jfq-f8hc-775q", "reference_id": "GHSA-4jfq-f8hc-775q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4jfq-f8hc-775q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77892?format=api", "purl": "pkg:composer/magento/community-edition@2.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/79754?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1-p1" } ], "aliases": [ "CVE-2021-21032", "GHSA-4jfq-f8hc-775q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j77a-cqsd-wuf1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112095?format=api", "vulnerability_id": "VCID-jmhs-9u49-ekbj", "summary": "Magento Insecure Direct Object Reference (IDOR) in the product module\nMagento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object reference (IDOR) in the product module. Successful exploitation could lead to unauthorized access to restricted resources.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21022", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.35755", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.35851", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21022" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21022", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21022" }, { "reference_url": "https://github.com/advisories/GHSA-8pfq-g48p-x7w8", "reference_id": "GHSA-8pfq-g48p-x7w8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8pfq-g48p-x7w8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/151862?format=api", "purl": "pkg:composer/magento/community-edition@2.3.6-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.6-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/79754?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1-p1" } ], "aliases": [ "CVE-2021-21022", "GHSA-8pfq-g48p-x7w8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jmhs-9u49-ekbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56645?format=api", "vulnerability_id": "VCID-jr49-4fs3-8qcp", "summary": "Improper Authorization vulnerability in Magento and Adobe Commerce\nAdobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24434", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44087", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24434" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:37Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24434", "reference_id": "CVE-2025-24434", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24434" }, { "reference_url": "https://github.com/advisories/GHSA-fppq-f2m6-xv5c", "reference_id": "GHSA-fppq-f2m6-xv5c", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fppq-f2m6-xv5c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84086?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/84085?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/84084?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/84083?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/84090?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24434", "GHSA-fppq-f2m6-xv5c" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jr49-4fs3-8qcp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55678?format=api", "vulnerability_id": "VCID-kezx-5nw5-hfen", "summary": "Magento Improper Access Control Leads to Privilege escalation\nMagento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39414", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55365", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39414" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:11:42Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39414", "reference_id": "CVE-2024-39414", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39414" }, { "reference_url": "https://github.com/advisories/GHSA-x6f9-hv9r-fgq4", "reference_id": "GHSA-x6f9-hv9r-fgq4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x6f9-hv9r-fgq4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82410?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p10" }, { "url": "http://public2.vulnerablecode.io/api/packages/82409?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/82408?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/82407?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2" } ], "aliases": [ "CVE-2024-39414", "GHSA-x6f9-hv9r-fgq4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kezx-5nw5-hfen" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110863?format=api", "vulnerability_id": "VCID-kgws-xvjr-g7bv", "summary": "Magento affected by a blind SSRF vulnerability in the bundled dotmailer extension\nMagento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a blind SSRF vulnerability in the bundled dotmailer extension. An attacker with admin privileges could abuse this to achieve remote code execution should Redis be enabled.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36043", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0261", "scoring_system": "epss", "scoring_elements": "0.85921", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0261", "scoring_system": "epss", "scoring_elements": "0.85942", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36043" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36043", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36043" }, { "reference_url": "https://github.com/advisories/GHSA-36xq-7w8w-xp68", "reference_id": "GHSA-36xq-7w8w-xp68", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-36xq-7w8w-xp68" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66777?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/274968?format=api", "purl": "pkg:composer/magento/community-edition@2.4.0-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.0-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66778?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/66997?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p1" } ], "aliases": [ "CVE-2021-36043", "GHSA-36xq-7w8w-xp68" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kgws-xvjr-g7bv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55980?format=api", "vulnerability_id": "VCID-kje4-asu6-dfg2", "summary": "Magento Open Source Improper Access Control vulnerability\nMagento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45129", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24284", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45129" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:07:37Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45129", "reference_id": "CVE-2024-45129", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45129" }, { "reference_url": "https://github.com/advisories/GHSA-m58h-998x-66f3", "reference_id": "GHSA-m58h-998x-66f3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m58h-998x-66f3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82921?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/82920?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10" }, { "url": "http://public2.vulnerablecode.io/api/packages/82919?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/82918?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/70850?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45129", "GHSA-m58h-998x-66f3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kje4-asu6-dfg2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55359?format=api", "vulnerability_id": "VCID-kq4m-anrt-rugn", "summary": "Magento Open Source Improper Authorization vulnerability\nAdobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both confidentiality and integrity impact. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34104", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.70373", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34104" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799" }, { "reference_url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2" }, { "reference_url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c" }, { "reference_url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-06-14T13:48:20Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34104", "reference_id": "CVE-2024-34104", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34104" }, { "reference_url": "https://github.com/advisories/GHSA-wwj3-573j-rvvm", "reference_id": "GHSA-wwj3-573j-rvvm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wwj3-573j-rvvm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81855?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/81854?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/81853?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/67320?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b4jg-dj1a-9qd5" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kxnm-y19k-mqg2" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-m83v-51cy-uqar" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qfw5-3tdu-x7g4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-r7nh-arcj-8fb3" }, { "vulnerability": "VCID-rbjk-3gcs-2qb5" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rf6p-ct86-5bgz" }, { "vulnerability": "VCID-ruru-fwmn-5kes" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-s5e2-d6n8-kkbr" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4r1-yr69-uuf6" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zt9b-9sjx-7qb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2024-34104", "GHSA-wwj3-573j-rvvm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kq4m-anrt-rugn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55676?format=api", "vulnerability_id": "VCID-kuzc-uv5b-v7an", "summary": "Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability\nMagento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor unauthorised actions on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39409", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00515", "scoring_system": "epss", "scoring_elements": "0.67001", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39409" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:11:00Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39409", "reference_id": "CVE-2024-39409", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39409" }, { "reference_url": "https://github.com/advisories/GHSA-rf4q-m23c-7q8r", "reference_id": "GHSA-rf4q-m23c-7q8r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rf4q-m23c-7q8r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82410?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p10" }, { "url": "http://public2.vulnerablecode.io/api/packages/82409?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/82408?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/67320?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b4jg-dj1a-9qd5" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kxnm-y19k-mqg2" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-m83v-51cy-uqar" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qfw5-3tdu-x7g4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-r7nh-arcj-8fb3" }, { "vulnerability": "VCID-rbjk-3gcs-2qb5" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rf6p-ct86-5bgz" }, { "vulnerability": "VCID-ruru-fwmn-5kes" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-s5e2-d6n8-kkbr" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4r1-yr69-uuf6" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zt9b-9sjx-7qb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/82407?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2" } ], "aliases": [ "CVE-2024-39409", "GHSA-rf4q-m23c-7q8r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kuzc-uv5b-v7an" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112060?format=api", "vulnerability_id": "VCID-kv6x-nz1s-uuar", "summary": "Magento affected by remote code execution via a file upload\nMagento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges can upload a specially crafted file to achieve remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36034", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05476", "scoring_system": "epss", "scoring_elements": "0.90365", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05476", "scoring_system": "epss", "scoring_elements": "0.9038", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36034" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36034", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36034" }, { "reference_url": "https://github.com/advisories/GHSA-j46h-qjjv-cxfj", "reference_id": "GHSA-j46h-qjjv-cxfj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j46h-qjjv-cxfj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66777?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/274968?format=api", "purl": "pkg:composer/magento/community-edition@2.4.0-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.0-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66778?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/66997?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p1" } ], "aliases": [ "CVE-2021-36034", "GHSA-j46h-qjjv-cxfj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kv6x-nz1s-uuar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57533?format=api", "vulnerability_id": "VCID-md7v-w5aq-t7h1", "summary": "Magento Security feature bypass\nMagento versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access. Exploitation of this issue requires user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49550", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64889", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49550" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T18:07:51Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49550", "reference_id": "CVE-2025-49550", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49550" }, { "reference_url": "https://github.com/advisories/GHSA-8hcx-xvww-6c6h", "reference_id": "GHSA-8hcx-xvww-6c6h", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8hcx-xvww-6c6h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/85378?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p13" }, { "url": "http://public2.vulnerablecode.io/api/packages/85377?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/85376?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/70850?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/70852?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha1" } ], "aliases": [ "CVE-2025-49550", "GHSA-8hcx-xvww-6c6h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-md7v-w5aq-t7h1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56626?format=api", "vulnerability_id": "VCID-mhvf-2keh-2qar", "summary": "Magento Stored Cross-Site Scripting (XSS) Vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24417", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.80247", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24417" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:50Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24417", "reference_id": "CVE-2025-24417", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24417" }, { "reference_url": "https://github.com/advisories/GHSA-g3j6-9753-8mp2", "reference_id": "GHSA-g3j6-9753-8mp2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-g3j6-9753-8mp2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84086?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/84085?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/84084?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/84083?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/84090?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24417", "GHSA-g3j6-9753-8mp2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mhvf-2keh-2qar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56646?format=api", "vulnerability_id": "VCID-mjb6-7au8-5fdx", "summary": "Magento Stored Cross-Site Scripting (XSS) Vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24414", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.80247", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24414" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:45Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24414", "reference_id": "CVE-2025-24414", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24414" }, { "reference_url": "https://github.com/advisories/GHSA-fhw6-3mj5-w9gv", "reference_id": "GHSA-fhw6-3mj5-w9gv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fhw6-3mj5-w9gv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84086?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/84085?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/84084?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/84083?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/84090?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24414", "GHSA-fhw6-3mj5-w9gv" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mjb6-7au8-5fdx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111534?format=api", "vulnerability_id": "VCID-mtes-xpe5-qkdj", "summary": "Magento 2 Community Edition RCE via Unsafe File Upload\nMagento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. This vulnerability could be abused by authenticated users with administrative permissions to the System/Data and Transfer/Import components.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24407", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03057", "scoring_system": "epss", "scoring_elements": "0.86957", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03057", "scoring_system": "epss", "scoring_elements": "0.86979", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24407" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24407", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24407" }, { "reference_url": "https://github.com/advisories/GHSA-7pxg-6p87-8c9v", "reference_id": "GHSA-7pxg-6p87-8c9v", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7pxg-6p87-8c9v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78954?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1" } ], "aliases": [ "CVE-2020-24407", "GHSA-7pxg-6p87-8c9v" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mtes-xpe5-qkdj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110890?format=api", "vulnerability_id": "VCID-n5mn-3a8f-nbdb", "summary": "Magento discloses sensitive information\nMagento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability via the `quoteId` parameter. An attacker can abuse this vulnerability to disclose sensitive information.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36039", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74435", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74466", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36039" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36039", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36039" }, { "reference_url": "https://github.com/advisories/GHSA-3g7m-g8qm-x6j5", "reference_id": "GHSA-3g7m-g8qm-x6j5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3g7m-g8qm-x6j5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66777?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/274968?format=api", "purl": "pkg:composer/magento/community-edition@2.4.0-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.0-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66778?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/66997?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p1" } ], "aliases": [ "CVE-2021-36039", "GHSA-3g7m-g8qm-x6j5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n5mn-3a8f-nbdb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111239?format=api", "vulnerability_id": "VCID-nf6t-99ep-w3dy", "summary": "Magento command injection vulnerability\nMagento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9582", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0323", "scoring_system": "epss", "scoring_elements": "0.87306", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0323", "scoring_system": "epss", "scoring_elements": "0.87328", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9582" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9582", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9582" }, { "reference_url": "https://github.com/advisories/GHSA-c3m4-hxv9-4mxj", "reference_id": "GHSA-c3m4-hxv9-4mxj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-c3m4-hxv9-4mxj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/151117?format=api", "purl": "pkg:composer/magento/community-edition@2.2.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.2.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/150341?format=api", "purl": "pkg:composer/magento/community-edition@2.3.4-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5t4k-dsf1-6yew" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-87ka-etbj-pfen" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-92tv-nghv-mqf2" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a5rz-y1hu-ubc6" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-dqkx-knjf-47hh" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h4nn-2mrj-g3ds" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hr26-efy6-77dy" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jmhs-9u49-ekbj" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-px1s-dzpe-qbfx" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qq42-4zzt-3kh2" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qx68-8xvf-a7hy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tuw6-hdbp-yqb2" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-vyyk-xq4q-b3bz" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.4-p2" } ], "aliases": [ "CVE-2020-9582", "GHSA-c3m4-hxv9-4mxj" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nf6t-99ep-w3dy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111283?format=api", "vulnerability_id": "VCID-nm39-k1su-yyep", "summary": "Magento vulnerable to a file upload restriction bypass\nMagento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a file upload restriction bypass. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21014", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.59284", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.59335", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21014" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/a2eb7e29ea92a8bbc86c3b6b81b59d8533088497", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a2eb7e29ea92a8bbc86c3b6b81b59d8533088497" }, { "reference_url": "https://github.com/magento/magento2/commit/a349e022c9ae070e7da262021f9ef182105aa00b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a349e022c9ae070e7da262021f9ef182105aa00b" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21014", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21014" }, { "reference_url": "https://github.com/advisories/GHSA-269w-pqc7-68q9", "reference_id": "GHSA-269w-pqc7-68q9", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-269w-pqc7-68q9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/151862?format=api", "purl": "pkg:composer/magento/community-edition@2.3.6-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.6-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/58955?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2" } ], "aliases": [ "CVE-2021-21014", "GHSA-269w-pqc7-68q9" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nm39-k1su-yyep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45951?format=api", "vulnerability_id": "VCID-nn21-hf8r-ykfd", "summary": "Magento XML Injection vulnerability in the Widgets Update Layout\nMagento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36023", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1628", "scoring_system": "epss", "scoring_elements": "0.9495", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.1628", "scoring_system": "epss", "scoring_elements": "0.94958", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36023" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:52:38Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36023", "reference_id": "CVE-2021-36023", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36023" }, { "reference_url": "https://github.com/advisories/GHSA-8cjg-f53m-8m9q", "reference_id": "GHSA-8cjg-f53m-8m9q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8cjg-f53m-8m9q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66777?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/274968?format=api", "purl": "pkg:composer/magento/community-edition@2.4.0-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.0-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66778?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/66997?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p1" } ], "aliases": [ "CVE-2021-36023", "GHSA-8cjg-f53m-8m9q" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nn21-hf8r-ykfd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55991?format=api", "vulnerability_id": "VCID-ns8t-vtcn-aqh4", "summary": "Magento Open Source Improper Access Control vulnerability\nMagento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45149", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33831", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45149" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:05:46Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45149", "reference_id": "CVE-2024-45149", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45149" }, { "reference_url": "https://github.com/advisories/GHSA-w7rg-7wq2-pjrw", "reference_id": "GHSA-w7rg-7wq2-pjrw", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w7rg-7wq2-pjrw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82921?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/82920?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10" }, { "url": "http://public2.vulnerablecode.io/api/packages/82919?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/82918?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/70850?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45149", "GHSA-w7rg-7wq2-pjrw" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ns8t-vtcn-aqh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111183?format=api", "vulnerability_id": "VCID-p1py-xewy-7khn", "summary": "Magento XML Injection vulnerability in the Widgets Module\nMagento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36033", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11326", "scoring_system": "epss", "scoring_elements": "0.93679", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.11326", "scoring_system": "epss", "scoring_elements": "0.93688", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36033" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36033", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36033" }, { "reference_url": "https://github.com/advisories/GHSA-p746-qw73-qmmx", "reference_id": "GHSA-p746-qw73-qmmx", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p746-qw73-qmmx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66777?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/274968?format=api", "purl": "pkg:composer/magento/community-edition@2.4.0-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.0-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66778?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/66997?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p1" } ], "aliases": [ "CVE-2021-36033", "GHSA-p746-qw73-qmmx" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p1py-xewy-7khn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112251?format=api", "vulnerability_id": "VCID-p9qx-66yy-1kc1", "summary": "Magento improper authorization vulnerability\nMagento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper authorization vulnerability. An attacker with admin privileges could leverage this vulnerability to achieve remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36029", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0345", "scoring_system": "epss", "scoring_elements": "0.87729", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0345", "scoring_system": "epss", "scoring_elements": "0.87751", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36029" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36029", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36029" }, { "reference_url": "https://github.com/advisories/GHSA-m8wx-whpp-q283", "reference_id": "GHSA-m8wx-whpp-q283", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m8wx-whpp-q283" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66777?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/274968?format=api", "purl": "pkg:composer/magento/community-edition@2.4.0-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.0-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66778?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/66997?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p1" } ], "aliases": [ "CVE-2021-36029", "GHSA-m8wx-whpp-q283" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p9qx-66yy-1kc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111336?format=api", "vulnerability_id": "VCID-pm85-dfg2-euep", "summary": "Magento executes code via the API File Option Upload Extension\nMagento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the API File Option Upload Extension. An attacker with Admin privileges can achieve unrestricted file upload which can result in remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36042", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04108", "scoring_system": "epss", "scoring_elements": "0.888", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04108", "scoring_system": "epss", "scoring_elements": "0.88817", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36042" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36042", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36042" }, { "reference_url": "https://github.com/advisories/GHSA-6cwv-wj7v-73xp", "reference_id": "GHSA-6cwv-wj7v-73xp", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6cwv-wj7v-73xp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66777?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/274968?format=api", "purl": "pkg:composer/magento/community-edition@2.4.0-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.0-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66778?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/66997?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p1" } ], "aliases": [ "CVE-2021-36042", "GHSA-6cwv-wj7v-73xp" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pm85-dfg2-euep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53774?format=api", "vulnerability_id": "VCID-px1s-dzpe-qbfx", "summary": "Path Traversal\nWhen in maintenance mode, Magento This information could be helpful to attackers if they are able to identify other exploitable vulnerabilities in the environment.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24406", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53026", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53086", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24406" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24406", "reference_id": "CVE-2020-24406", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24406" }, { "reference_url": "https://github.com/advisories/GHSA-mr8q-7f5j-wc79", "reference_id": "GHSA-mr8q-7f5j-wc79", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mr8q-7f5j-wc79" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77892?format=api", "purl": "pkg:composer/magento/community-edition@2.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/78954?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1" } ], "aliases": [ "CVE-2020-24406", "GHSA-mr8q-7f5j-wc79" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-px1s-dzpe-qbfx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111241?format=api", "vulnerability_id": "VCID-q4yr-fqww-tbb1", "summary": "Magento incorrect user permissions vulnerability within the Inventory component\nMagento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect user permissions vulnerability within the Inventory component. This vulnerability could be abused by authenticated users with Inventory and Source permissions to make unauthorized changes to inventory source data via the REST API.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24403", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40758", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40836", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24403" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24403", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24403" }, { "reference_url": "https://github.com/advisories/GHSA-39rw-4m66-82gf", "reference_id": "GHSA-39rw-4m66-82gf", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-39rw-4m66-82gf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77892?format=api", "purl": "pkg:composer/magento/community-edition@2.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/78954?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1" } ], "aliases": [ "CVE-2020-24403", "GHSA-39rw-4m66-82gf" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q4yr-fqww-tbb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55997?format=api", "vulnerability_id": "VCID-qgpx-hgzu-5qgp", "summary": "Magento Open Source Improper Access Control vulnerability\nMagento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45122", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0012", "scoring_system": "epss", "scoring_elements": "0.30523", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45122" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:59:49Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45122", "reference_id": "CVE-2024-45122", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45122" }, { "reference_url": "https://github.com/advisories/GHSA-46fm-x82m-5f74", "reference_id": "GHSA-46fm-x82m-5f74", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-46fm-x82m-5f74" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82921?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/82920?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10" }, { "url": "http://public2.vulnerablecode.io/api/packages/82919?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/82918?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/70850?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45122", "GHSA-46fm-x82m-5f74" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qgpx-hgzu-5qgp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56623?format=api", "vulnerability_id": "VCID-qp7s-amch-v3cd", "summary": "Magento Improper Access Control vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to modify limited fields. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24435", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40477", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24435" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:49:16Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24435", "reference_id": "CVE-2025-24435", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24435" }, { "reference_url": "https://github.com/advisories/GHSA-82p4-55gj-956p", "reference_id": "GHSA-82p4-55gj-956p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-82p4-55gj-956p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84086?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/84085?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/84084?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/84083?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/84090?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24435", "GHSA-82p4-55gj-956p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qp7s-amch-v3cd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111382?format=api", "vulnerability_id": "VCID-qq42-4zzt-3kh2", "summary": "Magento XPath Injection\nMagento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the product layout updates. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21025", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04724", "scoring_system": "epss", "scoring_elements": "0.8958", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04724", "scoring_system": "epss", "scoring_elements": "0.89597", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21025" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21025", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21025" }, { "reference_url": "https://github.com/advisories/GHSA-h437-qjj9-vmq4", "reference_id": "GHSA-h437-qjj9-vmq4", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h437-qjj9-vmq4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/151862?format=api", "purl": "pkg:composer/magento/community-edition@2.3.6-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.6-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/79754?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1-p1" } ], "aliases": [ "CVE-2021-21025", "GHSA-h437-qjj9-vmq4" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qq42-4zzt-3kh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111957?format=api", "vulnerability_id": "VCID-qr9t-ckvn-8uby", "summary": "Magento security mitigation bypass vulnerability\nMagento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9632", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07985", "scoring_system": "epss", "scoring_elements": "0.9223", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07985", "scoring_system": "epss", "scoring_elements": "0.92243", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9632" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9632", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9632" }, { "reference_url": "https://github.com/advisories/GHSA-6w29-x5j4-qhrw", "reference_id": "GHSA-6w29-x5j4-qhrw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6w29-x5j4-qhrw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150341?format=api", "purl": "pkg:composer/magento/community-edition@2.3.4-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5t4k-dsf1-6yew" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-87ka-etbj-pfen" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-92tv-nghv-mqf2" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a5rz-y1hu-ubc6" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-dqkx-knjf-47hh" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h4nn-2mrj-g3ds" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hr26-efy6-77dy" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jmhs-9u49-ekbj" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-px1s-dzpe-qbfx" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qq42-4zzt-3kh2" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qx68-8xvf-a7hy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tuw6-hdbp-yqb2" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-vyyk-xq4q-b3bz" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.4-p2" } ], "aliases": [ "CVE-2020-9632", "GHSA-6w29-x5j4-qhrw" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qr9t-ckvn-8uby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48030?format=api", "vulnerability_id": "VCID-qrwc-3gsb-zkfy", "summary": "Magento provides incorrect authorization through a security feature bypass\nMagento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and maintain unauthorized access. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54263", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25983", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54263" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:29Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54263", "reference_id": "CVE-2025-54263", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54263" }, { "reference_url": "https://github.com/advisories/GHSA-69x9-xp2j-w8g8", "reference_id": "GHSA-69x9-xp2j-w8g8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-69x9-xp2j-w8g8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/70856?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p13" }, { "url": "http://public2.vulnerablecode.io/api/packages/70855?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/70854?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/70853?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3" } ], "aliases": [ "CVE-2025-54263", "GHSA-69x9-xp2j-w8g8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qrwc-3gsb-zkfy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53775?format=api", "vulnerability_id": "VCID-qx68-8xvf-a7hy", "summary": "Improper Authorization\nMagento This vulnerability could be abused by authenticated users to modify inventory stock data without authorization.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24405", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24864", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.2496", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24405" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24405", "reference_id": "CVE-2020-24405", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24405" }, { "reference_url": "https://github.com/advisories/GHSA-p7m7-j8jv-393q", "reference_id": "GHSA-p7m7-j8jv-393q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p7m7-j8jv-393q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77892?format=api", "purl": "pkg:composer/magento/community-edition@2.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/78954?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1" } ], "aliases": [ "CVE-2020-24405", "GHSA-p7m7-j8jv-393q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qx68-8xvf-a7hy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56642?format=api", "vulnerability_id": "VCID-qzqd-271b-ybfj", "summary": "Magento Information Exposure vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability that could result in privilege escalation. A low-privileged attacker could gain unauthorized access to sensitive information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24408", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59659", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24408" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:49:13Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24408", "reference_id": "CVE-2025-24408", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24408" }, { "reference_url": "https://github.com/advisories/GHSA-3cfg-w257-cgf8", "reference_id": "GHSA-3cfg-w257-cgf8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3cfg-w257-cgf8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84086?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/84085?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/84084?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/84083?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/84090?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24408", "GHSA-3cfg-w257-cgf8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qzqd-271b-ybfj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56633?format=api", "vulnerability_id": "VCID-r4bw-w4t9-23ek", "summary": "Magento Improper Access Control vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24427", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40477", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24427" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:49:04Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24427", "reference_id": "CVE-2025-24427", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24427" }, { "reference_url": "https://github.com/advisories/GHSA-v3hq-g424-5mgg", "reference_id": "GHSA-v3hq-g424-5mgg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-v3hq-g424-5mgg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84086?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/84085?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/84084?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/84083?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/84090?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24427", "GHSA-v3hq-g424-5mgg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r4bw-w4t9-23ek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55978?format=api", "vulnerability_id": "VCID-rduw-apr6-4fdu", "summary": "Magento Open Source Improper Access Control vulnerability\nAdobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45135", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34443", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45135" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:00:24Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45135", "reference_id": "CVE-2024-45135", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45135" }, { "reference_url": "https://github.com/advisories/GHSA-8pxg-gcp4-57ww", "reference_id": "GHSA-8pxg-gcp4-57ww", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8pxg-gcp4-57ww" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82921?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/82920?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10" }, { "url": "http://public2.vulnerablecode.io/api/packages/82919?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/82918?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/70850?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45135", "GHSA-8pxg-gcp4-57ww" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rduw-apr6-4fdu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56630?format=api", "vulnerability_id": "VCID-re84-qg3k-3ub3", "summary": "Adobe Commerce Path Traversal\nAdobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. An unauthenticated attacker could exploit this vulnerability to modify files that are stored outside the restricted directory. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24406", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.4666", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24406" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:51:36Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24406", "reference_id": "CVE-2025-24406", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24406" }, { "reference_url": "https://github.com/advisories/GHSA-954p-ff72-327w", "reference_id": "GHSA-954p-ff72-327w", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-954p-ff72-327w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84086?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/84085?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/84084?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/84083?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/84090?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24406", "GHSA-954p-ff72-327w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-re84-qg3k-3ub3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112402?format=api", "vulnerability_id": "VCID-rgnq-s54v-vkdm", "summary": "Magento has an XML Injection vulnerability\nMagento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability when saving a configurable product. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36028", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11326", "scoring_system": "epss", "scoring_elements": "0.93679", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.11326", "scoring_system": "epss", "scoring_elements": "0.93688", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36028" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36028", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36028" }, { "reference_url": "https://github.com/advisories/GHSA-5pjj-7fq8-9gpf", "reference_id": "GHSA-5pjj-7fq8-9gpf", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5pjj-7fq8-9gpf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66777?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/274968?format=api", "purl": "pkg:composer/magento/community-edition@2.4.0-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.0-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66778?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/66997?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p1" } ], "aliases": [ "CVE-2021-36028", "GHSA-5pjj-7fq8-9gpf" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rgnq-s54v-vkdm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55988?format=api", "vulnerability_id": "VCID-rxac-w9pd-aqe1", "summary": "Magento Open Source Improper Authorization vulnerability\nMagento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality and integrity. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45131", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.3242", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45131" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:02:38Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45131", "reference_id": "CVE-2024-45131", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45131" }, { "reference_url": "https://github.com/advisories/GHSA-xc5p-773w-m3pm", "reference_id": "GHSA-xc5p-773w-m3pm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xc5p-773w-m3pm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82921?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/82920?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10" }, { "url": "http://public2.vulnerablecode.io/api/packages/82919?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/82918?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/70850?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45131", "GHSA-xc5p-773w-m3pm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rxac-w9pd-aqe1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56635?format=api", "vulnerability_id": "VCID-s4bp-kzfu-8qfy", "summary": "Magento Stored Cross-Site Scripting (XSS) Vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24412", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.80247", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24412" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:41Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24412", "reference_id": "CVE-2025-24412", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24412" }, { "reference_url": "https://github.com/advisories/GHSA-m4rg-mpp2-97px", "reference_id": "GHSA-m4rg-mpp2-97px", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m4rg-mpp2-97px" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84086?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/84085?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/84084?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/84083?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/84090?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24412", "GHSA-m4rg-mpp2-97px" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s4bp-kzfu-8qfy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56644?format=api", "vulnerability_id": "VCID-scg7-ugdn-53b9", "summary": "Magento Improper Access Control vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24424", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45292", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24424" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:48:44Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24424", "reference_id": "CVE-2025-24424", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24424" }, { "reference_url": "https://github.com/advisories/GHSA-539v-w87w-w62c", "reference_id": "GHSA-539v-w87w-w62c", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-539v-w87w-w62c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84086?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/84085?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/84084?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/84083?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/84090?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24424", "GHSA-539v-w87w-w62c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-scg7-ugdn-53b9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111360?format=api", "vulnerability_id": "VCID-sd6n-a9mk-aufb", "summary": "Magento DOM-based Cross-Site Scripting vulnerability on mage-messages cookies\nMagento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a DOM-based Cross-Site Scripting vulnerability on mage-messages cookies. Successful exploitation could lead to arbitrary JavaScript execution by an unauthenticated attacker. User interaction is required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28556", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.23863", "scoring_system": "epss", "scoring_elements": "0.96121", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.23863", "scoring_system": "epss", "scoring_elements": "0.96126", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28556" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-30.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-30.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28556", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28556" }, { "reference_url": "https://github.com/advisories/GHSA-39ch-rg26-gmq5", "reference_id": "GHSA-39ch-rg26-gmq5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-39ch-rg26-gmq5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66776?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/58956?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p1" } ], "aliases": [ "CVE-2021-28556", "GHSA-39ch-rg26-gmq5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sd6n-a9mk-aufb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55692?format=api", "vulnerability_id": "VCID-shfz-pxan-v3ar", "summary": "Magento Open Source Cross-Site Request Forgery vulnerability\nMagento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor unauthorised actions on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39408", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00515", "scoring_system": "epss", "scoring_elements": "0.67001", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39408" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:09:17Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39408", "reference_id": "CVE-2024-39408", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39408" }, { "reference_url": "https://github.com/advisories/GHSA-4cj6-f32v-6hgx", "reference_id": "GHSA-4cj6-f32v-6hgx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4cj6-f32v-6hgx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82410?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p10" }, { "url": "http://public2.vulnerablecode.io/api/packages/82409?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/82408?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/67320?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b4jg-dj1a-9qd5" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kxnm-y19k-mqg2" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-m83v-51cy-uqar" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qfw5-3tdu-x7g4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-r7nh-arcj-8fb3" }, { "vulnerability": "VCID-rbjk-3gcs-2qb5" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rf6p-ct86-5bgz" }, { "vulnerability": "VCID-ruru-fwmn-5kes" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-s5e2-d6n8-kkbr" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4r1-yr69-uuf6" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zt9b-9sjx-7qb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/82407?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2" } ], "aliases": [ "CVE-2024-39408", "GHSA-4cj6-f32v-6hgx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-shfz-pxan-v3ar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54061?format=api", "vulnerability_id": "VCID-spjd-9z79-jueh", "summary": "OS Command Injection\nMagento is vulnerable to an OS command injection via the customer attribute save controller. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21015", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04856", "scoring_system": "epss", "scoring_elements": "0.89727", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04856", "scoring_system": "epss", "scoring_elements": "0.89743", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21015" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/a2eb7e29ea92a8bbc86c3b6b81b59d8533088497", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a2eb7e29ea92a8bbc86c3b6b81b59d8533088497" }, { "reference_url": "https://github.com/magento/magento2/commit/a349e022c9ae070e7da262021f9ef182105aa00b", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a349e022c9ae070e7da262021f9ef182105aa00b" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21015", "reference_id": "CVE-2021-21015", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21015" }, { "reference_url": "https://github.com/advisories/GHSA-w2p4-2c8c-2g7h", "reference_id": "GHSA-w2p4-2c8c-2g7h", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w2p4-2c8c-2g7h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/151862?format=api", "purl": "pkg:composer/magento/community-edition@2.3.6-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.6-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/77892?format=api", "purl": "pkg:composer/magento/community-edition@2.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/79754?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/58955?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2" } ], "aliases": [ "CVE-2021-21015", "GHSA-w2p4-2c8c-2g7h" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-spjd-9z79-jueh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57435?format=api", "vulnerability_id": "VCID-tc3m-4bkg-qkcf", "summary": "Magento Improper Authorization leading to security feature bypass\nMagento versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access leading to a limited impact to confidentiality and a high impact to integrity. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-43585", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00591", "scoring_system": "epss", "scoring_elements": "0.6963", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-43585" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T17:23:05Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43585", "reference_id": "CVE-2025-43585", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43585" }, { "reference_url": "https://github.com/advisories/GHSA-r487-9vv5-75gg", "reference_id": "GHSA-r487-9vv5-75gg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r487-9vv5-75gg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/85378?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p13" }, { "url": "http://public2.vulnerablecode.io/api/packages/85377?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/85376?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/70850?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/70852?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha1" } ], "aliases": [ "CVE-2025-43585", "GHSA-r487-9vv5-75gg" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tc3m-4bkg-qkcf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112400?format=api", "vulnerability_id": "VCID-tdg3-1dcq-ekgr", "summary": "Magento Defense-in-depth security mitigation vulnerability\nMagento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9585", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0622", "scoring_system": "epss", "scoring_elements": "0.91038", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0622", "scoring_system": "epss", "scoring_elements": "0.91051", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9585" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9585", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9585" }, { "reference_url": "https://github.com/advisories/GHSA-55gv-hfg3-hwjq", "reference_id": "GHSA-55gv-hfg3-hwjq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-55gv-hfg3-hwjq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150341?format=api", "purl": "pkg:composer/magento/community-edition@2.3.4-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5t4k-dsf1-6yew" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-87ka-etbj-pfen" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-92tv-nghv-mqf2" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a5rz-y1hu-ubc6" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-dqkx-knjf-47hh" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h4nn-2mrj-g3ds" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hr26-efy6-77dy" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jmhs-9u49-ekbj" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-px1s-dzpe-qbfx" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qq42-4zzt-3kh2" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qx68-8xvf-a7hy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tuw6-hdbp-yqb2" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-vyyk-xq4q-b3bz" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.4-p2" } ], "aliases": [ "CVE-2020-9585", "GHSA-55gv-hfg3-hwjq" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tdg3-1dcq-ekgr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56624?format=api", "vulnerability_id": "VCID-te3b-exz5-zke1", "summary": "Magento Stored Cross-Site Scripting (XSS) Vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24415", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.80247", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24415" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:47Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24415", "reference_id": "CVE-2025-24415", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24415" }, { "reference_url": "https://github.com/advisories/GHSA-gc27-rvvm-q77r", "reference_id": "GHSA-gc27-rvvm-q77r", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gc27-rvvm-q77r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84086?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/84085?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/84084?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/84083?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/84090?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24415", "GHSA-gc27-rvvm-q77r" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-te3b-exz5-zke1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48029?format=api", "vulnerability_id": "VCID-th7y-aj51-mbaj", "summary": "Magento vulnerable to stored Cross-Site Scripting (XSS)\nMagento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54264", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.44021", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54264" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:28Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54264", "reference_id": "CVE-2025-54264", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54264" }, { "reference_url": "https://github.com/advisories/GHSA-2768-5wmv-cfff", "reference_id": "GHSA-2768-5wmv-cfff", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2768-5wmv-cfff" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/70856?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p13" }, { "url": "http://public2.vulnerablecode.io/api/packages/70855?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/70854?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/70853?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3" } ], "aliases": [ "CVE-2025-54264", "GHSA-2768-5wmv-cfff" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-th7y-aj51-mbaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52844?format=api", "vulnerability_id": "VCID-tuw6-hdbp-yqb2", "summary": "Incorrect Authorization\nMagento has a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9692", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01607", "scoring_system": "epss", "scoring_elements": "0.82113", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01607", "scoring_system": "epss", "scoring_elements": "0.82083", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9692" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/9436781734e47c83e96977fa770d255217680d5e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/9436781734e47c83e96977fa770d255217680d5e" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9692", "reference_id": "CVE-2020-9692", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9692" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77753?format=api", "purl": "pkg:composer/magento/community-edition@2.3.5-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-87ka-etbj-pfen" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-dqkx-knjf-47hh" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h4nn-2mrj-g3ds" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jmhs-9u49-ekbj" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-px1s-dzpe-qbfx" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qq42-4zzt-3kh2" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qx68-8xvf-a7hy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.5-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/60732?format=api", "purl": "pkg:composer/magento/community-edition@2.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-dqkx-knjf-47hh" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h4nn-2mrj-g3ds" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jmhs-9u49-ekbj" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-px1s-dzpe-qbfx" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qq42-4zzt-3kh2" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qx68-8xvf-a7hy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.0" } ], "aliases": [ "CVE-2020-9692", "GHSA-vqg7-8v6x-54rq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tuw6-hdbp-yqb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56627?format=api", "vulnerability_id": "VCID-tvz9-8s4d-gbg6", "summary": "Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race condition to alter a condition after it has been checked but before it is used, potentially bypassing security mechanisms. Exploitation of this issue requires user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24430", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27789", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24430" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:48:47Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24430", "reference_id": "CVE-2025-24430", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24430" }, { "reference_url": "https://github.com/advisories/GHSA-6w27-c66f-gvhq", "reference_id": "GHSA-6w27-c66f-gvhq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6w27-c66f-gvhq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84086?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/84085?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/84084?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/84083?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/84090?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24430", "GHSA-6w27-c66f-gvhq" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tvz9-8s4d-gbg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55992?format=api", "vulnerability_id": "VCID-txb3-ez5r-r7ek", "summary": "Magento Open Source Improper Input Validation vulnerability\nMagento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended directories via PHP filter chain and also can have a low-availability impact on the service. Exploitation of this issue does not require user interaction and scope is changed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45117", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49631", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45117" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L" }, { "value": "6.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L" }, { "value": "6.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:07:29Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45117", "reference_id": "CVE-2024-45117", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L" }, { "value": "6.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45117" }, { "reference_url": "https://github.com/advisories/GHSA-3fr3-gcqh-3m2g", "reference_id": "GHSA-3fr3-gcqh-3m2g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3fr3-gcqh-3m2g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82921?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/82920?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10" }, { "url": "http://public2.vulnerablecode.io/api/packages/82919?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/82918?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/70850?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45117", "GHSA-3fr3-gcqh-3m2g" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-txb3-ez5r-r7ek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57816?format=api", "vulnerability_id": "VCID-tzug-ckkn-dyft", "summary": "Magento vulnerable to denial of service\nMagento versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing the application to crash or become unresponsive. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49554", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52681", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49554" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-13T14:18:27Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49554", "reference_id": "CVE-2025-49554", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49554" }, { "reference_url": "https://github.com/advisories/GHSA-xgfm-992v-h2hr", "reference_id": "GHSA-xgfm-992v-h2hr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xgfm-992v-h2hr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86026?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p14" }, { "url": "http://public2.vulnerablecode.io/api/packages/86025?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/86024?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/86023?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/86022?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2" } ], "aliases": [ "CVE-2025-49554", "GHSA-xgfm-992v-h2hr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tzug-ckkn-dyft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111540?format=api", "vulnerability_id": "VCID-u2hc-27c2-1udc", "summary": "Magento Violation of Secure Design Principles vulnerability in RMA PDF filename formats\nMagento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Violation of Secure Design Principles vulnerability in RMA PDF filename formats. Successful exploitation could allow an attacker to get unauthorized access to restricted resources.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28583", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67609", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.6765", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28583" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-30.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-30.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28583", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28583" }, { "reference_url": "https://github.com/advisories/GHSA-7gh6-f4jh-3crq", "reference_id": "GHSA-7gh6-f4jh-3crq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7gh6-f4jh-3crq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66776?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/58956?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p1" } ], "aliases": [ "CVE-2021-28583", "GHSA-7gh6-f4jh-3crq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u2hc-27c2-1udc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55985?format=api", "vulnerability_id": "VCID-ugyc-gehq-rudu", "summary": "Magento Open Source Incorrect Authorization vulnerability\nMagento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to have a low impact on integrity. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45125", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21314", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45125" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:06:28Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45125", "reference_id": "CVE-2024-45125", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45125" }, { "reference_url": "https://github.com/advisories/GHSA-xg36-8c2v-jpxh", "reference_id": "GHSA-xg36-8c2v-jpxh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xg36-8c2v-jpxh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82921?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/82920?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10" }, { "url": "http://public2.vulnerablecode.io/api/packages/82919?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/82918?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/70850?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45125", "GHSA-xg36-8c2v-jpxh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ugyc-gehq-rudu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112327?format=api", "vulnerability_id": "VCID-uwnu-vhsb-g3bj", "summary": "Magento Stored cross-site scripting\nMagento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9584", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38066", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38157", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9584" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9584", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9584" }, { "reference_url": "https://github.com/advisories/GHSA-45h4-6gcj-6hwv", "reference_id": "GHSA-45h4-6gcj-6hwv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-45h4-6gcj-6hwv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/151117?format=api", "purl": "pkg:composer/magento/community-edition@2.2.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.2.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/150341?format=api", "purl": "pkg:composer/magento/community-edition@2.3.4-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5t4k-dsf1-6yew" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-87ka-etbj-pfen" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-92tv-nghv-mqf2" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a5rz-y1hu-ubc6" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-dqkx-knjf-47hh" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h4nn-2mrj-g3ds" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hr26-efy6-77dy" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jmhs-9u49-ekbj" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-px1s-dzpe-qbfx" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qq42-4zzt-3kh2" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qx68-8xvf-a7hy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tuw6-hdbp-yqb2" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-vyyk-xq4q-b3bz" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.4-p2" } ], "aliases": [ "CVE-2020-9584", "GHSA-45h4-6gcj-6hwv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uwnu-vhsb-g3bj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111584?format=api", "vulnerability_id": "VCID-ve4u-d5rz-wyab", "summary": "Magento OS command injection via the WebAPI\nMagento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to OS command injection via the WebAPI. Successful exploitation could lead to remote code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21016", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04449", "scoring_system": "epss", "scoring_elements": "0.89248", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04449", "scoring_system": "epss", "scoring_elements": "0.89266", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21016" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/a2eb7e29ea92a8bbc86c3b6b81b59d8533088497", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a2eb7e29ea92a8bbc86c3b6b81b59d8533088497" }, { "reference_url": "https://github.com/magento/magento2/commit/a349e022c9ae070e7da262021f9ef182105aa00b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a349e022c9ae070e7da262021f9ef182105aa00b" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21016", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21016" }, { "reference_url": "https://github.com/advisories/GHSA-792f-c8mp-2cr5", "reference_id": "GHSA-792f-c8mp-2cr5", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-792f-c8mp-2cr5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/151862?format=api", "purl": "pkg:composer/magento/community-edition@2.3.6-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.6-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/58955?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2" } ], "aliases": [ "CVE-2021-21016", "GHSA-792f-c8mp-2cr5" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ve4u-d5rz-wyab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55979?format=api", "vulnerability_id": "VCID-vu36-a1g1-nugt", "summary": "Magento Open Source Improper Authorization vulnerability\nAdobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect confidentiality. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45132", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32354", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45132" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:02:03Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45132", "reference_id": "CVE-2024-45132", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45132" }, { "reference_url": "https://github.com/advisories/GHSA-5f64-ppmg-cvvm", "reference_id": "GHSA-5f64-ppmg-cvvm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5f64-ppmg-cvvm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82921?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/82920?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10" }, { "url": "http://public2.vulnerablecode.io/api/packages/82919?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/82918?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/70850?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45132", "GHSA-5f64-ppmg-cvvm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vu36-a1g1-nugt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55996?format=api", "vulnerability_id": "VCID-vx13-4b1d-wbgp", "summary": "Magento Open Source Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability\nAdobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to alter a condition between the check and the use of a resource, having a low impact on integrity. Exploitation of this issue requires user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45120", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.2257", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45120" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:01:07Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45120", "reference_id": "CVE-2024-45120", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45120" }, { "reference_url": "https://github.com/advisories/GHSA-47jp-46c9-25vf", "reference_id": "GHSA-47jp-46c9-25vf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-47jp-46c9-25vf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82921?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/82920?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10" }, { "url": "http://public2.vulnerablecode.io/api/packages/82919?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/82918?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/70850?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45120", "GHSA-47jp-46c9-25vf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vx13-4b1d-wbgp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111762?format=api", "vulnerability_id": "VCID-vyyk-xq4q-b3bz", "summary": "Magento path traversal vulnerability\nMagento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9689", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01219", "scoring_system": "epss", "scoring_elements": "0.79387", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01219", "scoring_system": "epss", "scoring_elements": "0.79414", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9689" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/9436781734e47c83e96977fa770d255217680d5e#diff-7c7399d1d47cdaf120a1a503b7ad87f496d98790203dc82b395ec6bc2d430a55", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/9436781734e47c83e96977fa770d255217680d5e#diff-7c7399d1d47cdaf120a1a503b7ad87f496d98790203dc82b395ec6bc2d430a55" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9689", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9689" }, { "reference_url": "https://github.com/advisories/GHSA-fr6f-xmfx-rrpq", "reference_id": "GHSA-fr6f-xmfx-rrpq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fr6f-xmfx-rrpq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77753?format=api", "purl": "pkg:composer/magento/community-edition@2.3.5-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-87ka-etbj-pfen" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-dqkx-knjf-47hh" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h4nn-2mrj-g3ds" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jmhs-9u49-ekbj" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-px1s-dzpe-qbfx" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qq42-4zzt-3kh2" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qx68-8xvf-a7hy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.5-p2" } ], "aliases": [ "CVE-2020-9689", "GHSA-fr6f-xmfx-rrpq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vyyk-xq4q-b3bz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111364?format=api", "vulnerability_id": "VCID-w42y-yc7r-kqhp", "summary": "Magento stored cross-site scripting vulnerability in the customer address upload feature\nMagento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability in the customer address upload feature that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36026", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01528", "scoring_system": "epss", "scoring_elements": "0.81624", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01528", "scoring_system": "epss", "scoring_elements": "0.81654", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36026" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36026", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36026" }, { "reference_url": "https://github.com/advisories/GHSA-8gfq-m4cf-w975", "reference_id": "GHSA-8gfq-m4cf-w975", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8gfq-m4cf-w975" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66777?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/274968?format=api", "purl": "pkg:composer/magento/community-edition@2.4.0-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.0-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66778?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/66997?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p1" } ], "aliases": [ "CVE-2021-36026", "GHSA-8gfq-m4cf-w975" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w42y-yc7r-kqhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111309?format=api", "vulnerability_id": "VCID-w4uu-k7nk-a7hr", "summary": "Magento cross-site request forgery (CSRF) vulnerability via the GraphQL API\nMagento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a cross-site request forgery (CSRF) vulnerability via the GraphQL API. Successful exploitation could lead to unauthorized modification of customer metadata by an unauthenticated attacker. Access to the admin console is not required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21027", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.58918", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.58965", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21027" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/a2eb7e29ea92a8bbc86c3b6b81b59d8533088497", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a2eb7e29ea92a8bbc86c3b6b81b59d8533088497" }, { "reference_url": "https://github.com/magento/magento2/commit/a349e022c9ae070e7da262021f9ef182105aa00b", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a349e022c9ae070e7da262021f9ef182105aa00b" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21027", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21027" }, { "reference_url": "https://github.com/advisories/GHSA-h4xc-577p-hgj9", "reference_id": "GHSA-h4xc-577p-hgj9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h4xc-577p-hgj9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/151862?format=api", "purl": "pkg:composer/magento/community-edition@2.3.6-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.6-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/58955?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2" } ], "aliases": [ "CVE-2021-21027", "GHSA-h4xc-577p-hgj9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w4uu-k7nk-a7hr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111983?format=api", "vulnerability_id": "VCID-wbt5-q9qd-8kby", "summary": "Magento Path Traversal vulnerability\nMagento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Path Traversal vulnerability when creating a store with child theme.Successful exploitation could lead to arbitrary file system write by an authenticated attacker. Access to the admin console is required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28584", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00574", "scoring_system": "epss", "scoring_elements": "0.69125", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00574", "scoring_system": "epss", "scoring_elements": "0.69164", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28584" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-30.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-30.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28584", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28584" }, { "reference_url": "https://github.com/advisories/GHSA-7gpv-xrjr-f5h4", "reference_id": "GHSA-7gpv-xrjr-f5h4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7gpv-xrjr-f5h4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66776?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/58956?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p1" } ], "aliases": [ "CVE-2021-28584", "GHSA-7gpv-xrjr-f5h4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wbt5-q9qd-8kby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112277?format=api", "vulnerability_id": "VCID-wh14-k3ex-pubq", "summary": "Magento affected by a business logic error in the placeOrder graphql mutation\nMagento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a business logic error in the placeOrder graphql mutation. An authenticated attacker can leverage this vulnerability to altar the price of an item.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36012", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00792", "scoring_system": "epss", "scoring_elements": "0.74277", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00792", "scoring_system": "epss", "scoring_elements": "0.7431", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36012" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36012", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36012" }, { "reference_url": "https://github.com/advisories/GHSA-3f97-7pgv-gmgr", "reference_id": "GHSA-3f97-7pgv-gmgr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3f97-7pgv-gmgr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66777?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/274968?format=api", "purl": "pkg:composer/magento/community-edition@2.4.0-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.0-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66778?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/66997?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p1" } ], "aliases": [ "CVE-2021-36012", "GHSA-3f97-7pgv-gmgr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wh14-k3ex-pubq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55990?format=api", "vulnerability_id": "VCID-wvyx-2bbb-9yf7", "summary": "Magento Open Source Information Exposure vulnerability\nMagento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45133", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28716", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45133" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:54:05Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45133", "reference_id": "CVE-2024-45133", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45133" }, { "reference_url": "https://github.com/advisories/GHSA-j3mh-wx5f-2vhg", "reference_id": "GHSA-j3mh-wx5f-2vhg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j3mh-wx5f-2vhg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82921?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/82920?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10" }, { "url": "http://public2.vulnerablecode.io/api/packages/82919?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/82918?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/70850?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45133", "GHSA-j3mh-wx5f-2vhg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wvyx-2bbb-9yf7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110945?format=api", "vulnerability_id": "VCID-wwp5-kfhy-ufar", "summary": "Magento Signature verification bypass\nMagento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9588", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01185", "scoring_system": "epss", "scoring_elements": "0.79127", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01185", "scoring_system": "epss", "scoring_elements": "0.79153", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9588" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9588", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9588" }, { "reference_url": "https://github.com/advisories/GHSA-j2r4-2cr6-h3r3", "reference_id": "GHSA-j2r4-2cr6-h3r3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j2r4-2cr6-h3r3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150341?format=api", "purl": "pkg:composer/magento/community-edition@2.3.4-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5t4k-dsf1-6yew" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-87ka-etbj-pfen" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-92tv-nghv-mqf2" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a5rz-y1hu-ubc6" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-dqkx-knjf-47hh" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h4nn-2mrj-g3ds" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hr26-efy6-77dy" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jmhs-9u49-ekbj" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-px1s-dzpe-qbfx" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qq42-4zzt-3kh2" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qx68-8xvf-a7hy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tuw6-hdbp-yqb2" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-vyyk-xq4q-b3bz" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.4-p2" } ], "aliases": [ "CVE-2020-9588", "GHSA-j2r4-2cr6-h3r3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wwp5-kfhy-ufar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112253?format=api", "vulnerability_id": "VCID-wzcg-wnnq-uudu", "summary": "Magento security mitigation bypass vulnerability\nMagento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9631", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07683", "scoring_system": "epss", "scoring_elements": "0.9205", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07683", "scoring_system": "epss", "scoring_elements": "0.92063", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9631" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9631", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9631" }, { "reference_url": "https://github.com/advisories/GHSA-gffx-9f36-r8wp", "reference_id": "GHSA-gffx-9f36-r8wp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gffx-9f36-r8wp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150341?format=api", "purl": "pkg:composer/magento/community-edition@2.3.4-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5t4k-dsf1-6yew" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-87ka-etbj-pfen" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-92tv-nghv-mqf2" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a5rz-y1hu-ubc6" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-dqkx-knjf-47hh" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h4nn-2mrj-g3ds" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hr26-efy6-77dy" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jmhs-9u49-ekbj" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-px1s-dzpe-qbfx" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qq42-4zzt-3kh2" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qx68-8xvf-a7hy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tuw6-hdbp-yqb2" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-vyyk-xq4q-b3bz" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.4-p2" } ], "aliases": [ "CVE-2020-9631", "GHSA-gffx-9f36-r8wp" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wzcg-wnnq-uudu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57821?format=api", "vulnerability_id": "VCID-wzu6-rbsv-mkde", "summary": "Magento vulnerable to path traversal\nMagento versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to modify limited data. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49559", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00589", "scoring_system": "epss", "scoring_elements": "0.69567", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49559" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-13T15:04:14Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49559", "reference_id": "CVE-2025-49559", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49559" }, { "reference_url": "https://github.com/advisories/GHSA-h4f4-gv6h-x824", "reference_id": "GHSA-h4f4-gv6h-x824", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-h4f4-gv6h-x824" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86026?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p14" }, { "url": "http://public2.vulnerablecode.io/api/packages/86025?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/86024?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/86023?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/86022?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2" } ], "aliases": [ "CVE-2025-49559", "GHSA-h4f4-gv6h-x824" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wzu6-rbsv-mkde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112088?format=api", "vulnerability_id": "VCID-xbhh-m11c-gkeu", "summary": "Magento Improper input validation vulnerability\nMagento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by an Improper input validation vulnerability in the New customer WebAPI.Successful exploitation could allow an attacker to send unsolicited spam e-mails.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28585", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57907", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.5796", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28585" }, { "reference_url": "https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-30.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-30.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28585", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28585" }, { "reference_url": "https://github.com/advisories/GHSA-c38m-9668-6j2w", "reference_id": "GHSA-c38m-9668-6j2w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c38m-9668-6j2w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66776?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/58956?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p1" } ], "aliases": [ "CVE-2021-28585", "GHSA-c38m-9668-6j2w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xbhh-m11c-gkeu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57099?format=api", "vulnerability_id": "VCID-xfvu-2zg4-ruf6", "summary": "Magento Improper Authorization vulnerability\nMagento versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27188", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36319", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27188" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:53:30Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27188", "reference_id": "CVE-2025-27188", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27188" }, { "reference_url": "https://github.com/advisories/GHSA-rr2g-rrjj-xw86", "reference_id": "GHSA-rr2g-rrjj-xw86", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rr2g-rrjj-xw86" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84773?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p13" }, { "url": "http://public2.vulnerablecode.io/api/packages/84774?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/84775?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p10" }, { "url": "http://public2.vulnerablecode.io/api/packages/67320?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b4jg-dj1a-9qd5" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kxnm-y19k-mqg2" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-m83v-51cy-uqar" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qfw5-3tdu-x7g4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-r7nh-arcj-8fb3" }, { "vulnerability": "VCID-rbjk-3gcs-2qb5" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rf6p-ct86-5bgz" }, { "vulnerability": "VCID-ruru-fwmn-5kes" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-s5e2-d6n8-kkbr" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4r1-yr69-uuf6" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zt9b-9sjx-7qb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/84776?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p5" }, { "url": "http://public2.vulnerablecode.io/api/packages/70851?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8" } ], "aliases": [ "CVE-2025-27188", "GHSA-rr2g-rrjj-xw86" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xfvu-2zg4-ruf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55981?format=api", "vulnerability_id": "VCID-xk5y-7a1w-zba9", "summary": "Magento Open Source Server-Side Request Forgery (SSRF) vulnerability\nAdobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45119", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00349", "scoring_system": "epss", "scoring_elements": "0.57712", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45119" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:58:44Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45119", "reference_id": "CVE-2024-45119", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45119" }, { "reference_url": "https://github.com/advisories/GHSA-g9fm-wc6h-pvgj", "reference_id": "GHSA-g9fm-wc6h-pvgj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g9fm-wc6h-pvgj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82921?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/82920?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10" }, { "url": "http://public2.vulnerablecode.io/api/packages/82919?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/82918?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/70850?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45119", "GHSA-g9fm-wc6h-pvgj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xk5y-7a1w-zba9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56640?format=api", "vulnerability_id": "VCID-xsq8-ztqh-ubb8", "summary": "Magento stored Cross-Site Scripting (XSS) vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24438", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04462", "scoring_system": "epss", "scoring_elements": "0.89292", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24438" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:43Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24438", "reference_id": "CVE-2025-24438", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24438" }, { "reference_url": "https://github.com/advisories/GHSA-8884-7rm9-mrx4", "reference_id": "GHSA-8884-7rm9-mrx4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8884-7rm9-mrx4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84086?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/84085?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/84084?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/84083?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/84090?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24438", "GHSA-8884-7rm9-mrx4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xsq8-ztqh-ubb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55987?format=api", "vulnerability_id": "VCID-y1v3-9tyq-uqhd", "summary": "Magento Open Source Information Exposure vulnerability\nMagento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45134", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.30677", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45134" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:05:23Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45134", "reference_id": "CVE-2024-45134", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45134" }, { "reference_url": "https://github.com/advisories/GHSA-4f89-5cwm-rm5g", "reference_id": "GHSA-4f89-5cwm-rm5g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4f89-5cwm-rm5g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82921?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/82920?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10" }, { "url": "http://public2.vulnerablecode.io/api/packages/82919?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/82918?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/70850?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45134", "GHSA-4f89-5cwm-rm5g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y1v3-9tyq-uqhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55696?format=api", "vulnerability_id": "VCID-y4u6-cy8y-hyae", "summary": "Magento Open Source Path Traversal vulnerability\nMagento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39406", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00916", "scoring_system": "epss", "scoring_elements": "0.76318", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39406" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:12:23Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39406", "reference_id": "CVE-2024-39406", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39406" }, { "reference_url": "https://github.com/advisories/GHSA-6pxh-2557-5cj5", "reference_id": "GHSA-6pxh-2557-5cj5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6pxh-2557-5cj5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82410?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p10" }, { "url": "http://public2.vulnerablecode.io/api/packages/82409?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/82408?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/67320?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b4jg-dj1a-9qd5" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kxnm-y19k-mqg2" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-m83v-51cy-uqar" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qfw5-3tdu-x7g4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-r7nh-arcj-8fb3" }, { "vulnerability": "VCID-rbjk-3gcs-2qb5" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rf6p-ct86-5bgz" }, { "vulnerability": "VCID-ruru-fwmn-5kes" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-s5e2-d6n8-kkbr" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4r1-yr69-uuf6" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zt9b-9sjx-7qb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/82407?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2" } ], "aliases": [ "CVE-2024-39406", "GHSA-6pxh-2557-5cj5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y4u6-cy8y-hyae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56641?format=api", "vulnerability_id": "VCID-y7x4-664r-3fbk", "summary": "Magento Improper Access Control vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24436", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35372", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24436" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:48:53Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24436", "reference_id": "CVE-2025-24436", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24436" }, { "reference_url": "https://github.com/advisories/GHSA-ghpr-6qhr-rpp8", "reference_id": "GHSA-ghpr-6qhr-rpp8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-ghpr-6qhr-rpp8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84086?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/84085?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/84084?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/84083?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/84090?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24436", "GHSA-ghpr-6qhr-rpp8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y7x4-664r-3fbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112329?format=api", "vulnerability_id": "VCID-ya5v-gewx-gudt", "summary": "Magento Security mitigation bypass vulnerability\nMagento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9580", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0622", "scoring_system": "epss", "scoring_elements": "0.91038", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0622", "scoring_system": "epss", "scoring_elements": "0.91051", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9580" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/52d92dbd07f09620d23693ba0c4d4bdb4ba09916", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/52d92dbd07f09620d23693ba0c4d4bdb4ba09916" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9580", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9580" }, { "reference_url": "https://github.com/advisories/GHSA-j2jp-58gv-g2pg", "reference_id": "GHSA-j2jp-58gv-g2pg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j2jp-58gv-g2pg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150341?format=api", "purl": "pkg:composer/magento/community-edition@2.3.4-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5t4k-dsf1-6yew" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-87ka-etbj-pfen" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-92tv-nghv-mqf2" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a5rz-y1hu-ubc6" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-dqkx-knjf-47hh" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h4nn-2mrj-g3ds" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hr26-efy6-77dy" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jmhs-9u49-ekbj" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-px1s-dzpe-qbfx" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qq42-4zzt-3kh2" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qx68-8xvf-a7hy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tuw6-hdbp-yqb2" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-vyyk-xq4q-b3bz" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.4-p2" } ], "aliases": [ "CVE-2020-9580", "GHSA-j2jp-58gv-g2pg" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ya5v-gewx-gudt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39275?format=api", "vulnerability_id": "VCID-yssg-z4sv-bfe7", "summary": "Cross-Site Request Forgery (CSRF)\nMagento Community Edition and Enterprise Edition have CSRF resulting in deletion of a customer address from an address book, aka APPSEC-1433.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5301", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.09023", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.09064", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5301" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://magento.com/security/patches/magento-2010-and-212-security-update", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://magento.com/security/patches/magento-2010-and-212-security-update" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5301", "reference_id": "CVE-2018-5301", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5301" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54812?format=api", "purl": "pkg:composer/magento/community-edition@2.0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-1vw9-9rmg-ekdz" }, { "vulnerability": "VCID-2fd4-t2w2-8uhd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-2z3f-wtw6-yydf" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4dpj-5zh4-4fgv" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5ppd-jm8d-97eh" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-6x2s-f7fh-4yac" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-87ka-etbj-pfen" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-92tv-nghv-mqf2" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a5rz-y1hu-ubc6" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-dqkx-knjf-47hh" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-f5ef-53gt-nbcu" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h4nn-2mrj-g3ds" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jmhs-9u49-ekbj" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nf6t-99ep-w3dy" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-px1s-dzpe-qbfx" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qq42-4zzt-3kh2" }, { "vulnerability": "VCID-qr9t-ckvn-8uby" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qx68-8xvf-a7hy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-tdg3-1dcq-ekgr" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tuw6-hdbp-yqb2" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-uwnu-vhsb-g3bj" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-vyyk-xq4q-b3bz" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wwp5-kfhy-ufar" }, { "vulnerability": "VCID-wzcg-wnnq-uudu" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-ya5v-gewx-gudt" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zgyj-4zuz-wkev" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/54813?format=api", "purl": "pkg:composer/magento/community-edition@2.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1eda-g39a-pbbc" }, { "vulnerability": "VCID-1j1n-6t6c-5fh9" }, { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-1rqu-rabn-s3hx" }, { "vulnerability": "VCID-1vw9-9rmg-ekdz" }, { "vulnerability": "VCID-2fd4-t2w2-8uhd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-2z3f-wtw6-yydf" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3he2-uctk-kucj" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-451v-uuw6-t3cb" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4dpj-5zh4-4fgv" }, { "vulnerability": "VCID-4rgk-9g8x-9ba9" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-4yh7-33rp-57g6" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5jn6-gjtc-hkcv" }, { "vulnerability": "VCID-5ppd-jm8d-97eh" }, { "vulnerability": "VCID-647f-etpr-7yh2" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-6x2s-f7fh-4yac" }, { "vulnerability": "VCID-7e2t-x8vb-b7gu" }, { "vulnerability": "VCID-7h8f-y39q-9bgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-87ka-etbj-pfen" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-8dk7-9x9f-nyce" }, { "vulnerability": "VCID-8dq1-mm7t-juge" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-92tv-nghv-mqf2" }, { "vulnerability": "VCID-98d9-mz52-r3df" }, { "vulnerability": "VCID-99yr-h8p6-pqek" }, { "vulnerability": "VCID-9gtb-vdpa-kudt" }, { "vulnerability": "VCID-9hzp-v5v4-g7d2" }, { "vulnerability": "VCID-9ukj-86yg-jqf8" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a5rz-y1hu-ubc6" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ajnp-hjpx-dqby" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-aqaj-qs9w-jkdd" }, { "vulnerability": "VCID-auav-unvj-jye2" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b2jc-f6dt-h7bh" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bsqw-1ywb-cydm" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c1zp-x19b-2ycy" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cmbh-d4y2-3fb4" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-cw2n-d2g1-hbft" }, { "vulnerability": "VCID-d2uj-57bk-tfft" }, { "vulnerability": "VCID-d683-e29k-4bec" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dh2p-qqbr-hkh4" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-dqkx-knjf-47hh" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-dvjb-gn4a-afhq" }, { "vulnerability": "VCID-dw3y-c8xc-vbg5" }, { "vulnerability": "VCID-e13p-7zwb-m3ft" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eyfh-jns6-vke5" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-f5ef-53gt-nbcu" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fn46-hk9u-dfhh" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-g8k7-agvs-ubbz" }, { "vulnerability": "VCID-g9uk-4dfd-muh4" }, { "vulnerability": "VCID-gdn6-jk9k-s3aj" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gred-dby6-bfhn" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h4nn-2mrj-g3ds" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hm1k-1xfy-6fh8" }, { "vulnerability": "VCID-hn49-n9xr-k7c7" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jjbr-mu9r-1bdh" }, { "vulnerability": "VCID-jmhs-9u49-ekbj" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-jyup-mxz2-97b4" }, { "vulnerability": "VCID-k6r5-c576-8fab" }, { "vulnerability": "VCID-k7ej-dq8t-33df" }, { "vulnerability": "VCID-k8jy-nckd-vkde" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kfap-f6db-n3am" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kjp9-9vag-vqhs" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-m1yj-gxwk-4kfs" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mp31-hycm-xbgz" }, { "vulnerability": "VCID-mszv-cfc2-fkhj" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-myht-j19s-abbb" }, { "vulnerability": "VCID-n3kv-6gdp-qugd" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-n6jb-4vkn-f7d2" }, { "vulnerability": "VCID-ne2q-15ey-pbca" }, { "vulnerability": "VCID-nf6t-99ep-w3dy" }, { "vulnerability": "VCID-nhc5-t9tn-bucd" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pft7-2w44-2qh1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-px1s-dzpe-qbfx" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qcbx-aq4x-9far" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qq42-4zzt-3kh2" }, { "vulnerability": "VCID-qr9t-ckvn-8uby" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qs9v-afgj-7bb3" }, { "vulnerability": "VCID-qwnb-6eb9-4ucf" }, { "vulnerability": "VCID-qx68-8xvf-a7hy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-r9vd-3wxe-t3et" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-s4dx-4hat-jfca" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-t5ps-kxef-xqdb" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-tcry-6ya3-73b3" }, { "vulnerability": "VCID-tdg3-1dcq-ekgr" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-teud-xzgx-m7ac" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tme1-k9t9-2qbb" }, { "vulnerability": "VCID-tuw6-hdbp-yqb2" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tw3n-nq5e-ukg1" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u1uw-9c7f-jfgn" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugug-4yz4-7kgc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-upfh-zv37-ruhb" }, { "vulnerability": "VCID-uwnu-vhsb-g3bj" }, { "vulnerability": "VCID-v9mz-up25-cych" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vf6u-35k7-vucs" }, { "vulnerability": "VCID-vqqj-z31y-qfcr" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-vyyk-xq4q-b3bz" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wcnq-dgb5-1yh2" }, { "vulnerability": "VCID-wcz3-j28f-gfek" }, { "vulnerability": "VCID-wfma-kt7g-dkbu" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wkhs-89a4-x3dq" }, { "vulnerability": "VCID-wsz3-ucbw-tkbw" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wwp5-kfhy-ufar" }, { "vulnerability": "VCID-wzcg-wnnq-uudu" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-x1xg-sy2w-h7hy" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xrgt-rdg1-3kc2" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-ya5v-gewx-gudt" }, { "vulnerability": "VCID-yt2x-914b-27dz" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-z58v-fmp4-n3dh" }, { "vulnerability": "VCID-z7t9-t3q2-pycf" }, { "vulnerability": "VCID-zabm-9s5c-1bac" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zgyj-4zuz-wkev" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.1.2" } ], "aliases": [ "CVE-2018-5301", "GHSA-w3mq-67mw-3p9f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yssg-z4sv-bfe7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54681?format=api", "vulnerability_id": "VCID-yvcy-4e8m-p3b8", "summary": "Improper Authorization\nAn authorization flaw was found in Magento. Successful exploitation could lead to unauthorized modification of customer data by an unauthenticated attacker. Access to the admin console is required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28563", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49348", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49287", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28563" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695" }, { "reference_url": "https://github.com/magento/magento2/commit/ed952726c94e401e922e88490e41a536f2d850e7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/ed952726c94e401e922e88490e41a536f2d850e7" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-30.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-30.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28563", "reference_id": "CVE-2021-28563", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28563" }, { "reference_url": "https://github.com/advisories/GHSA-q9xx-4689-gvv5", "reference_id": "GHSA-q9xx-4689-gvv5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q9xx-4689-gvv5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66776?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/58956?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p1" } ], "aliases": [ "CVE-2021-28563", "GHSA-q9xx-4689-gvv5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yvcy-4e8m-p3b8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48025?format=api", "vulnerability_id": "VCID-yyq6-dvyx-3bb9", "summary": "Magento vulnerable to stored Cross-Site Scripting (XSS)\nMagento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54266", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18183", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54266" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:24:32Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54266", "reference_id": "CVE-2025-54266", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54266" }, { "reference_url": "https://github.com/advisories/GHSA-pcrx-r49h-x2w5", "reference_id": "GHSA-pcrx-r49h-x2w5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pcrx-r49h-x2w5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/70856?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p13" }, { "url": "http://public2.vulnerablecode.io/api/packages/70855?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/70854?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/70853?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3" } ], "aliases": [ "CVE-2025-54266", "GHSA-pcrx-r49h-x2w5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yyq6-dvyx-3bb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55983?format=api", "vulnerability_id": "VCID-z2v2-n138-6ydv", "summary": "Magento Open Source stored Cross-Site Scripting (XSS) vulnerability\nMagento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45127", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01887", "scoring_system": "epss", "scoring_elements": "0.83543", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45127" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:55:55Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45127", "reference_id": "CVE-2024-45127", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45127" }, { "reference_url": "https://github.com/advisories/GHSA-c89g-gq5r-2xw2", "reference_id": "GHSA-c89g-gq5r-2xw2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c89g-gq5r-2xw2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82921?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/82920?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10" }, { "url": "http://public2.vulnerablecode.io/api/packages/82919?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/82918?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/70850?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45127", "GHSA-c89g-gq5r-2xw2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z2v2-n138-6ydv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55995?format=api", "vulnerability_id": "VCID-zdpz-8tc2-6kah", "summary": "Magento Open Source Improper Authorization vulnerability\nMagento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity and availability. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45128", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13975", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45128" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:53:58Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45128", "reference_id": "CVE-2024-45128", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45128" }, { "reference_url": "https://github.com/advisories/GHSA-qpp7-742q-58j3", "reference_id": "GHSA-qpp7-742q-58j3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qpp7-742q-58j3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82921?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/82920?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10" }, { "url": "http://public2.vulnerablecode.io/api/packages/82919?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/82918?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/70850?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45128", "GHSA-qpp7-742q-58j3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zdpz-8tc2-6kah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111390?format=api", "vulnerability_id": "VCID-ze8y-4wfs-hbf9", "summary": "Magento is affected by an improper authorization vulnerability\nMagento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper authorization vulnerability. An authenticated attacker could leverage this vulnerability to achieve sensitive information disclosure.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36037", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00898", "scoring_system": "epss", "scoring_elements": "0.76019", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00898", "scoring_system": "epss", "scoring_elements": "0.76044", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36037" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36037", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36037" }, { "reference_url": "https://github.com/advisories/GHSA-vrq2-w7r7-3fp2", "reference_id": "GHSA-vrq2-w7r7-3fp2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vrq2-w7r7-3fp2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66777?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/274968?format=api", "purl": "pkg:composer/magento/community-edition@2.4.0-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.0-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66778?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/66997?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p1" } ], "aliases": [ "CVE-2021-36037", "GHSA-vrq2-w7r7-3fp2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ze8y-4wfs-hbf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111345?format=api", "vulnerability_id": "VCID-zgyj-4zuz-wkev", "summary": "Magento authorization bypass vulnerability\nMagento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9587", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00551", "scoring_system": "epss", "scoring_elements": "0.68362", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00551", "scoring_system": "epss", "scoring_elements": "0.68404", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9587" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-22.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9587", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9587" }, { "reference_url": "https://github.com/advisories/GHSA-8wm7-h2qh-ff4c", "reference_id": "GHSA-8wm7-h2qh-ff4c", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8wm7-h2qh-ff4c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150341?format=api", "purl": "pkg:composer/magento/community-edition@2.3.4-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5t4k-dsf1-6yew" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-87ka-etbj-pfen" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-92tv-nghv-mqf2" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a5rz-y1hu-ubc6" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-dqkx-knjf-47hh" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h4nn-2mrj-g3ds" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hr26-efy6-77dy" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jmhs-9u49-ekbj" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-px1s-dzpe-qbfx" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qq42-4zzt-3kh2" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qx68-8xvf-a7hy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tuw6-hdbp-yqb2" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-vyyk-xq4q-b3bz" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.4-p2" } ], "aliases": [ "CVE-2020-9587", "GHSA-8wm7-h2qh-ff4c" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zgyj-4zuz-wkev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54062?format=api", "vulnerability_id": "VCID-zubf-dqv7-xkf3", "summary": "Cross-site Scripting\nMagento is vulnerable to Cross-Site Scripting in the admin console. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Access to the admin console is required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21029", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.43501", "scoring_system": "epss", "scoring_elements": "0.97581", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.43501", "scoring_system": "epss", "scoring_elements": "0.97586", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21029" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/a2eb7e29ea92a8bbc86c3b6b81b59d8533088497", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a2eb7e29ea92a8bbc86c3b6b81b59d8533088497" }, { "reference_url": "https://github.com/magento/magento2/commit/a349e022c9ae070e7da262021f9ef182105aa00b", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a349e022c9ae070e7da262021f9ef182105aa00b" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21029", "reference_id": "CVE-2021-21029", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21029" }, { "reference_url": "https://github.com/advisories/GHSA-jwxh-wj79-ccm6", "reference_id": "GHSA-jwxh-wj79-ccm6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jwxh-wj79-ccm6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/151862?format=api", "purl": "pkg:composer/magento/community-edition@2.3.6-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.6-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/77892?format=api", "purl": "pkg:composer/magento/community-edition@2.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/79754?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/58955?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cafy-5dd8-rudj" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dj5a-35gt-u7dn" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-fzm9-e6bg-r7aw" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jr49-4fs3-8qcp" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qrwc-3gsb-zkfy" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-th7y-aj51-mbaj" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-yyq6-dvyx-3bb9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" }, { "vulnerability": "VCID-zkkk-5q62-ubca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2" } ], "aliases": [ "CVE-2021-21029", "GHSA-jwxh-wj79-ccm6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zubf-dqv7-xkf3" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.0.0-rc2" }