Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/27375?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/27375?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p2", "type": "composer", "namespace": "magento", "name": "community-edition", "version": "2.4.4-p2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.4.6-p13", "latest_non_vulnerable_version": "2.4.9-alpha3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55347?format=api", "vulnerability_id": "VCID-1bw2-wubb-hqdf", "summary": "Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to trick a victim into performing actions they did not intend to do, which could be used to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction, typically in the form of the victim clicking a link or visiting a malicious website.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20718", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0012", "scoring_system": "epss", "scoring_elements": "0.3052", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0012", "scoring_system": "epss", "scoring_elements": "0.30735", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0012", "scoring_system": "epss", "scoring_elements": "0.30716", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20718" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-03.html", "reference_id": "apsb24-03.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-29T17:27:46Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-03.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20718", "reference_id": "CVE-2024-20718", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20718" }, { "reference_url": "https://github.com/advisories/GHSA-hqgj-4396-hmxv", "reference_id": "GHSA-hqgj-4396-hmxv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hqgj-4396-hmxv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29056?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/29052?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/29054?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2024-20718", "GHSA-hqgj-4396-hmxv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1bw2-wubb-hqdf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/132328?format=api", "vulnerability_id": "VCID-2tge-6ken-kqge", "summary": "Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38208", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03849", "scoring_system": "epss", "scoring_elements": "0.88498", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.03849", "scoring_system": "epss", "scoring_elements": "0.88505", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.03849", "scoring_system": "epss", "scoring_elements": "0.88458", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38208" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38208", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38208" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-42.html", "reference_id": "apsb23-42.html", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:53:29Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb23-42.html" }, { "reference_url": "https://github.com/advisories/GHSA-mxc9-g6m4-2v35", "reference_id": "GHSA-mxc9-g6m4-2v35", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mxc9-g6m4-2v35" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380580?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p5" }, { "url": "http://public2.vulnerablecode.io/api/packages/380579?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/380578?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2023-38208", "GHSA-mxc9-g6m4-2v35" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2tge-6ken-kqge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/132289?format=api", "vulnerability_id": "VCID-466x-mpt9-gbgy", "summary": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38249", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01841", "scoring_system": "epss", "scoring_elements": "0.83442", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01841", "scoring_system": "epss", "scoring_elements": "0.83373", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01841", "scoring_system": "epss", "scoring_elements": "0.83433", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38249" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38249", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38249" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html", "reference_id": "apsb23-50.html", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:49:36Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html" }, { "reference_url": "https://github.com/advisories/GHSA-rq36-9f5f-2gw7", "reference_id": "GHSA-rq36-9f5f-2gw7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rq36-9f5f-2gw7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379080?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/379079?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p5" }, { "url": "http://public2.vulnerablecode.io/api/packages/379078?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/379077?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2" } ], "aliases": [ "CVE-2023-38249", "GHSA-rq36-9f5f-2gw7" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-466x-mpt9-gbgy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88199?format=api", "vulnerability_id": "VCID-4nqq-nrne-17a2", "summary": "Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54266", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18338", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.1836", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18174", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54266" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html", "reference_id": "apsb25-94.html", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:24:32Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54266", "reference_id": "CVE-2025-54266", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54266" }, { "reference_url": "https://github.com/advisories/GHSA-pcrx-r49h-x2w5", "reference_id": "GHSA-pcrx-r49h-x2w5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pcrx-r49h-x2w5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34326?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p13" }, { "url": "http://public2.vulnerablecode.io/api/packages/34329?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/34331?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/34328?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3" } ], "aliases": [ "CVE-2025-54266", "GHSA-pcrx-r49h-x2w5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4nqq-nrne-17a2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49294?format=api", "vulnerability_id": "VCID-549e-3kmc-cyfw", "summary": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both confidentiality and integrity impact. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34104", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.7054", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.70435", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.70526", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34104" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799" }, { "reference_url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2" }, { "reference_url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c" }, { "reference_url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html", "reference_id": "apsb24-40.html", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-06-14T13:48:20Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34104", "reference_id": "CVE-2024-34104", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34104" }, { "reference_url": "https://github.com/advisories/GHSA-wwj3-573j-rvvm", "reference_id": "GHSA-wwj3-573j-rvvm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wwj3-573j-rvvm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32194?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/32193?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/32195?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2024-34104", "GHSA-wwj3-573j-rvvm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-549e-3kmc-cyfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87661?format=api", "vulnerability_id": "VCID-6d1u-exkw-hbfu", "summary": "Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54236", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.72152", "scoring_system": "epss", "scoring_elements": "0.98779", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.72152", "scoring_system": "epss", "scoring_elements": "0.98772", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.72152", "scoring_system": "epss", "scoring_elements": "0.98777", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54236" }, { "reference_url": "https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nullsecurityx.codes/cve-2025-54236-sessionreaper-unauthenticated-rce-in-magento", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nullsecurityx.codes/cve-2025-54236-sessionreaper-unauthenticated-rce-in-magento" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54236", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54236" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54236", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54236" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-88.html", "reference_id": "apsb25-88.html", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-24T14:08:30Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-88.html" }, { "reference_url": "https://github.com/advisories/GHSA-wh92-6q6g-px7j", "reference_id": "GHSA-wh92-6q6g-px7j", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wh92-6q6g-px7j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380834?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7hqr-a671-wfhq" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-8r3a-tuwb-k3f5" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-df8h-8pgg-efg2" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ezee-pmc6-tuc2" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ff1h-49j6-fygj" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kbkg-d58m-h7bf" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-mb5s-j22m-3qdx" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qgse-3kg2-7ke7" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-swsg-c57z-1fe5" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u7wj-vk3w-sbb8" }, { "vulnerability": "VCID-v4kk-tszr-puge" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xrwz-zqgd-7yc5" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/380578?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p2" } ], "aliases": [ "CVE-2025-54236", "GHSA-wh92-6q6g-px7j" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6d1u-exkw-hbfu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/132216?format=api", "vulnerability_id": "VCID-6gtw-hr2w-5fcd", "summary": "Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass. A low-privileged attacker could leverage this vulnerability to access other user's data. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38209", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42413", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42226", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42391", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38209" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38209", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38209" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-42.html", "reference_id": "apsb23-42.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:50:38Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb23-42.html" }, { "reference_url": "https://github.com/advisories/GHSA-3vg2-v639-6ch9", "reference_id": "GHSA-3vg2-v639-6ch9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3vg2-v639-6ch9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380580?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p5" }, { "url": "http://public2.vulnerablecode.io/api/packages/380579?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/380578?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2023-38209", "GHSA-3vg2-v639-6ch9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6gtw-hr2w-5fcd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88207?format=api", "vulnerability_id": "VCID-7bmk-3ab2-9ba6", "summary": "Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to elevated privileges that increase integrity impact to high. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54267", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20657", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20679", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20479", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54267" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html", "reference_id": "apsb25-94.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-16T03:56:04Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54267", "reference_id": "CVE-2025-54267", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54267" }, { "reference_url": "https://github.com/advisories/GHSA-qvwr-p3hj-j6jf", "reference_id": "GHSA-qvwr-p3hj-j6jf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qvwr-p3hj-j6jf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34326?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p13" }, { "url": "http://public2.vulnerablecode.io/api/packages/34329?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/34331?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/34328?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3" } ], "aliases": [ "CVE-2025-54267", "GHSA-qvwr-p3hj-j6jf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7bmk-3ab2-9ba6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/140464?format=api", "vulnerability_id": "VCID-7hqr-a671-wfhq", "summary": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29292", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.65107", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.65118", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.65007", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29292" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29292", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29292" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html", "reference_id": "apsb23-35.html", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:36:16Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html" }, { "reference_url": "https://github.com/advisories/GHSA-4588-7x48-jrgj", "reference_id": "GHSA-4588-7x48-jrgj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4588-7x48-jrgj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381713?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/381712?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/29053?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2023-29292", "GHSA-4588-7x48-jrgj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7hqr-a671-wfhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/132240?format=api", "vulnerability_id": "VCID-8hfe-bt2u-37f9", "summary": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38221", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01841", "scoring_system": "epss", "scoring_elements": "0.83442", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01841", "scoring_system": "epss", "scoring_elements": "0.83373", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01841", "scoring_system": "epss", "scoring_elements": "0.83433", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38221" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38221", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38221" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html", "reference_id": "apsb23-50.html", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:49:37Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html" }, { "reference_url": "https://github.com/advisories/GHSA-ggr8-3hwx-4f2m", "reference_id": "GHSA-ggr8-3hwx-4f2m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ggr8-3hwx-4f2m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379080?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/379079?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p5" }, { "url": "http://public2.vulnerablecode.io/api/packages/379078?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/379077?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2" } ], "aliases": [ "CVE-2023-38221", "GHSA-ggr8-3hwx-4f2m" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8hfe-bt2u-37f9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/140418?format=api", "vulnerability_id": "VCID-8r3a-tuwb-k3f5", "summary": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29291", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00566", "scoring_system": "epss", "scoring_elements": "0.69035", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00566", "scoring_system": "epss", "scoring_elements": "0.69047", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00566", "scoring_system": "epss", "scoring_elements": "0.68942", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29291" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29291", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29291" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html", "reference_id": "apsb23-35.html", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:36:20Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html" }, { "reference_url": "https://github.com/advisories/GHSA-5f79-vhr4-vw2r", "reference_id": "GHSA-5f79-vhr4-vw2r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5f79-vhr4-vw2r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381713?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/381712?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/29053?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2023-29291", "GHSA-5f79-vhr4-vw2r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8r3a-tuwb-k3f5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55317?format=api", "vulnerability_id": "VCID-96hr-sbyj-27dw", "summary": "Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality and integrity are considered high due to having admin impact.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20759", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01627", "scoring_system": "epss", "scoring_elements": "0.82284", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01627", "scoring_system": "epss", "scoring_elements": "0.82355", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01627", "scoring_system": "epss", "scoring_elements": "0.82346", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20759" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "6.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-18.html", "reference_id": "apsb24-18.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "6.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-11T04:01:07Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-18.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20759", "reference_id": "CVE-2024-20759", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "6.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20759" }, { "reference_url": "https://github.com/advisories/GHSA-59vf-hjxc-f9c5", "reference_id": "GHSA-59vf-hjxc-f9c5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-59vf-hjxc-f9c5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30245?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/30240?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/30244?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p5" }, { "url": "http://public2.vulnerablecode.io/api/packages/30243?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7" } ], "aliases": [ "CVE-2024-20759", "GHSA-59vf-hjxc-f9c5" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-96hr-sbyj-27dw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98404?format=api", "vulnerability_id": "VCID-9gb1-p5qf-3kd2", "summary": "Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability by manipulating the timing between the check of a resource's state and its use, allowing unauthorized write access. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49558", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01616", "scoring_system": "epss", "scoring_elements": "0.82286", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01616", "scoring_system": "epss", "scoring_elements": "0.82215", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01616", "scoring_system": "epss", "scoring_elements": "0.82277", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49558" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49558", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49558" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html", "reference_id": "apsb25-71.html", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-13T15:04:13Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html" }, { "reference_url": "https://github.com/advisories/GHSA-wcmw-8xpp-rwfj", "reference_id": "GHSA-wcmw-8xpp-rwfj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wcmw-8xpp-rwfj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/377522?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p14" }, { "url": "http://public2.vulnerablecode.io/api/packages/377521?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/377520?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/377519?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/377518?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2" } ], "aliases": [ "CVE-2025-49558", "GHSA-wcmw-8xpp-rwfj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9gb1-p5qf-3kd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/149530?format=api", "vulnerability_id": "VCID-9kv7-4rer-m3fs", "summary": "Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Incorrect Authorization vulnerability. A low-privileged authenticated attacker could leverage this vulnerability to achieve minor information disclosure.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22251", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.42102", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.42122", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41938", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22251" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22251", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22251" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-17.html", "reference_id": "apsb23-17.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:39:47Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb23-17.html" }, { "reference_url": "https://github.com/advisories/GHSA-2wm7-mmgc-qxr3", "reference_id": "GHSA-2wm7-mmgc-qxr3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2wm7-mmgc-qxr3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380833?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7hqr-a671-wfhq" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-8r3a-tuwb-k3f5" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-df8h-8pgg-efg2" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ezee-pmc6-tuc2" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ff1h-49j6-fygj" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-kbkg-d58m-h7bf" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-mb5s-j22m-3qdx" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qgse-3kg2-7ke7" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-swsg-c57z-1fe5" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u7wj-vk3w-sbb8" }, { "vulnerability": "VCID-v4kk-tszr-puge" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-xrwz-zqgd-7yc5" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/380834?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7hqr-a671-wfhq" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-8r3a-tuwb-k3f5" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-df8h-8pgg-efg2" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ezee-pmc6-tuc2" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ff1h-49j6-fygj" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kbkg-d58m-h7bf" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-mb5s-j22m-3qdx" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qgse-3kg2-7ke7" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-swsg-c57z-1fe5" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u7wj-vk3w-sbb8" }, { "vulnerability": "VCID-v4kk-tszr-puge" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xrwz-zqgd-7yc5" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/29055?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7hqr-a671-wfhq" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-8r3a-tuwb-k3f5" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-df8h-8pgg-efg2" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ezee-pmc6-tuc2" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-ff1h-49j6-fygj" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kbkg-d58m-h7bf" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mb5s-j22m-3qdx" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qgse-3kg2-7ke7" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-swsg-c57z-1fe5" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u7wj-vk3w-sbb8" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-v4kk-tszr-puge" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-xrwz-zqgd-7yc5" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6" } ], "aliases": [ "CVE-2023-22251", "GHSA-2wm7-mmgc-qxr3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9kv7-4rer-m3fs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/131940?format=api", "vulnerability_id": "VCID-afft-etfr-n3ep", "summary": "Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by a XML Injection (aka Blind XPath Injection) vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38207", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01147", "scoring_system": "epss", "scoring_elements": "0.78945", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01147", "scoring_system": "epss", "scoring_elements": "0.78962", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01147", "scoring_system": "epss", "scoring_elements": "0.78879", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38207" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38207", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38207" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-42.html", "reference_id": "apsb23-42.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:50:21Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb23-42.html" }, { "reference_url": "https://github.com/advisories/GHSA-rpv2-g4pc-wp72", "reference_id": "GHSA-rpv2-g4pc-wp72", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rpv2-g4pc-wp72" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380580?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p5" }, { "url": "http://public2.vulnerablecode.io/api/packages/380579?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/380578?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2023-38207", "GHSA-rpv2-g4pc-wp72" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-afft-etfr-n3ep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/149847?format=api", "vulnerability_id": "VCID-df8h-8pgg-efg2", "summary": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to leak another user's data. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22248", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38101", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38126", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.37925", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22248" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22248", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22248" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html", "reference_id": "apsb23-35.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:39:10Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html" }, { "reference_url": "https://github.com/advisories/GHSA-5jfg-phx7-7fxg", "reference_id": "GHSA-5jfg-phx7-7fxg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5jfg-phx7-7fxg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381713?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/381712?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/380579?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/29053?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2023-22248", "GHSA-5jfg-phx7-7fxg" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-df8h-8pgg-efg2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/149538?format=api", "vulnerability_id": "VCID-drw7-nqdq-sfgj", "summary": "Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22249", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05206", "scoring_system": "epss", "scoring_elements": "0.90189", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.05206", "scoring_system": "epss", "scoring_elements": "0.9015", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.05206", "scoring_system": "epss", "scoring_elements": "0.90181", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22249" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "1.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22249", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "1.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22249" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-17.html", "reference_id": "apsb23-17.html", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "1.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:39:51Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb23-17.html" }, { "reference_url": "https://github.com/advisories/GHSA-fxcr-gvcw-hmqm", "reference_id": "GHSA-fxcr-gvcw-hmqm", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fxcr-gvcw-hmqm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380833?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7hqr-a671-wfhq" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-8r3a-tuwb-k3f5" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-df8h-8pgg-efg2" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ezee-pmc6-tuc2" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ff1h-49j6-fygj" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-kbkg-d58m-h7bf" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-mb5s-j22m-3qdx" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qgse-3kg2-7ke7" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-swsg-c57z-1fe5" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u7wj-vk3w-sbb8" }, { "vulnerability": "VCID-v4kk-tszr-puge" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-xrwz-zqgd-7yc5" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/380834?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7hqr-a671-wfhq" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-8r3a-tuwb-k3f5" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-df8h-8pgg-efg2" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ezee-pmc6-tuc2" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ff1h-49j6-fygj" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kbkg-d58m-h7bf" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-mb5s-j22m-3qdx" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qgse-3kg2-7ke7" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-swsg-c57z-1fe5" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u7wj-vk3w-sbb8" }, { "vulnerability": "VCID-v4kk-tszr-puge" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xrwz-zqgd-7yc5" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/29053?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p1" } ], "aliases": [ "CVE-2023-22249", "GHSA-fxcr-gvcw-hmqm" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-drw7-nqdq-sfgj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/132260?format=api", "vulnerability_id": "VCID-e9g4-n5c8-6yf9", "summary": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Payload is stored in an admin area, resulting in high confidentiality and integrity impact.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38219", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0152", "scoring_system": "epss", "scoring_elements": "0.81719", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0152", "scoring_system": "epss", "scoring_elements": "0.8165", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0152", "scoring_system": "epss", "scoring_elements": "0.8171", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38219" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38219", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38219" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html", "reference_id": "apsb23-50.html", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:49:34Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html" }, { "reference_url": "https://github.com/advisories/GHSA-3j7w-jp46-9752", "reference_id": "GHSA-3j7w-jp46-9752", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3j7w-jp46-9752" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379080?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/379079?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p5" }, { "url": "http://public2.vulnerablecode.io/api/packages/379078?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/379077?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2" } ], "aliases": [ "CVE-2023-38219", "GHSA-3j7w-jp46-9752" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e9g4-n5c8-6yf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49909?format=api", "vulnerability_id": "VCID-eban-ja9z-f7ep", "summary": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access or perform actions with the privileges of another user. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34106", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.71417", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.71516", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.71504", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34106" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799" }, { "reference_url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2" }, { "reference_url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c" }, { "reference_url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html", "reference_id": "apsb24-40.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-13T16:21:10Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34106", "reference_id": "CVE-2024-34106", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34106" }, { "reference_url": "https://github.com/advisories/GHSA-p6h9-gx5g-wg64", "reference_id": "GHSA-p6h9-gx5g-wg64", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p6h9-gx5g-wg64" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32194?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/32193?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/32195?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2024-34106", "GHSA-p6h9-gx5g-wg64" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eban-ja9z-f7ep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88335?format=api", "vulnerability_id": "VCID-eusf-bc81-9uhv", "summary": "Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and maintain unauthorized access. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54263", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.2613", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25914", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.26114", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54263" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html", "reference_id": "apsb25-94.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:29Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54263", "reference_id": "CVE-2025-54263", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54263" }, { "reference_url": "https://github.com/advisories/GHSA-69x9-xp2j-w8g8", "reference_id": "GHSA-69x9-xp2j-w8g8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-69x9-xp2j-w8g8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34326?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p13" }, { "url": "http://public2.vulnerablecode.io/api/packages/34329?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/34331?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/34328?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3" } ], "aliases": [ "CVE-2025-54263", "GHSA-69x9-xp2j-w8g8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eusf-bc81-9uhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/140949?format=api", "vulnerability_id": "VCID-ezee-pmc6-tuc2", "summary": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29288", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37306", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37331", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37127", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29288" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29288", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29288" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html", "reference_id": "apsb23-35.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:36:27Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html" }, { "reference_url": "https://github.com/advisories/GHSA-f989-3fp9-q3r2", "reference_id": "GHSA-f989-3fp9-q3r2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f989-3fp9-q3r2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381713?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/381712?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/29053?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2023-29288", "GHSA-f989-3fp9-q3r2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ezee-pmc6-tuc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/131725?format=api", "vulnerability_id": "VCID-fb5x-afrq-87aj", "summary": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Uncontrolled Resource Consumption vulnerability that could lead in minor application denial-of-service. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38251", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.4631", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46154", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46298", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38251" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38251", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38251" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html", "reference_id": "apsb23-50.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:50:04Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html" }, { "reference_url": "https://github.com/advisories/GHSA-7pfc-834q-h497", "reference_id": "GHSA-7pfc-834q-h497", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7pfc-834q-h497" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379080?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/379079?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p5" }, { "url": "http://public2.vulnerablecode.io/api/packages/379078?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/379077?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2" } ], "aliases": [ "CVE-2023-38251", "GHSA-7pfc-834q-h497" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fb5x-afrq-87aj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/140629?format=api", "vulnerability_id": "VCID-ff1h-49j6-fygj", "summary": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An admin privileged attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29293", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.14335", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.14216", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29293" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L" }, { "value": "1.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29293", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L" }, { "value": "1.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29293" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html", "reference_id": "apsb23-35.html", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L" }, { "value": "1.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:36:13Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html" }, { "reference_url": "https://github.com/advisories/GHSA-66c9-xrwj-9xv6", "reference_id": "GHSA-66c9-xrwj-9xv6", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-66c9-xrwj-9xv6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381713?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/381712?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/29053?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2023-29293", "GHSA-66c9-xrwj-9xv6" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ff1h-49j6-fygj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97905?format=api", "vulnerability_id": "VCID-fqkf-67fw-cyb8", "summary": "Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to modify limited data. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49559", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02291", "scoring_system": "epss", "scoring_elements": "0.85121", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.02291", "scoring_system": "epss", "scoring_elements": "0.8513", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02291", "scoring_system": "epss", "scoring_elements": "0.85068", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49559" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49559", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49559" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html", "reference_id": "apsb25-71.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-13T15:04:14Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html" }, { "reference_url": "https://github.com/advisories/GHSA-h4f4-gv6h-x824", "reference_id": "GHSA-h4f4-gv6h-x824", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-h4f4-gv6h-x824" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/377522?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p14" }, { "url": "http://public2.vulnerablecode.io/api/packages/377521?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/377520?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/377519?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/377518?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2" } ], "aliases": [ "CVE-2025-49559", "GHSA-h4f4-gv6h-x824" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fqkf-67fw-cyb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49820?format=api", "vulnerability_id": "VCID-frhp-vgpt-g7am", "summary": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction, but attack complexity is high.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34103", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01824", "scoring_system": "epss", "scoring_elements": "0.83363", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01824", "scoring_system": "epss", "scoring_elements": "0.83294", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01824", "scoring_system": "epss", "scoring_elements": "0.83355", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34103" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799" }, { "reference_url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2" }, { "reference_url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c" }, { "reference_url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html", "reference_id": "apsb24-40.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-14T03:55:29Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34103", "reference_id": "CVE-2024-34103", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34103" }, { "reference_url": "https://github.com/advisories/GHSA-f7q4-9gwv-6774", "reference_id": "GHSA-f7q4-9gwv-6774", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f7q4-9gwv-6774" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32194?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/32193?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/32195?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2024-34103", "GHSA-f7q4-9gwv-6774" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-frhp-vgpt-g7am" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55009?format=api", "vulnerability_id": "VCID-fz2x-ms14-pkfs", "summary": "Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field, that could be leveraged to gain admin access.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20719", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01149", "scoring_system": "epss", "scoring_elements": "0.78899", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01149", "scoring_system": "epss", "scoring_elements": "0.78982", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01149", "scoring_system": "epss", "scoring_elements": "0.78965", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20719" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-03.html", "reference_id": "apsb24-03.html", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-21T05:00:29Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-03.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20719", "reference_id": "CVE-2024-20719", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20719" }, { "reference_url": "https://github.com/advisories/GHSA-264g-f7v8-q5qq", "reference_id": "GHSA-264g-f7v8-q5qq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-264g-f7v8-q5qq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29056?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/29052?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/29054?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2024-20719", "GHSA-264g-f7v8-q5qq" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fz2x-ms14-pkfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98222?format=api", "vulnerability_id": "VCID-gakd-m2af-z7c2", "summary": "Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access. Exploitation of this issue requires user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49550", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.65062", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64951", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.65051", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49550" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49550", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49550" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html", "reference_id": "apsb25-50.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T18:07:51Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html" }, { "reference_url": "https://github.com/advisories/GHSA-8hcx-xvww-6c6h", "reference_id": "GHSA-8hcx-xvww-6c6h", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8hcx-xvww-6c6h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/378550?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p13" }, { "url": "http://public2.vulnerablecode.io/api/packages/378549?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/378548?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/34330?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/34327?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha1" } ], "aliases": [ "CVE-2025-49550", "GHSA-8hcx-xvww-6c6h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gakd-m2af-z7c2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98053?format=api", "vulnerability_id": "VCID-gx3s-7cxk-pyfc", "summary": "Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction, and scope is unchanged.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49556", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01048", "scoring_system": "epss", "scoring_elements": "0.78008", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01048", "scoring_system": "epss", "scoring_elements": "0.77927", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01048", "scoring_system": "epss", "scoring_elements": "0.77994", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49556" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49556", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49556" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html", "reference_id": "apsb25-71.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-13T14:18:25Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html" }, { "reference_url": "https://github.com/advisories/GHSA-7hrj-3c9x-xv5h", "reference_id": "GHSA-7hrj-3c9x-xv5h", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7hrj-3c9x-xv5h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/377522?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p14" }, { "url": "http://public2.vulnerablecode.io/api/packages/377521?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/377520?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/377519?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/377518?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2" } ], "aliases": [ "CVE-2025-49556", "GHSA-7hrj-3c9x-xv5h" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gx3s-7cxk-pyfc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87827?format=api", "vulnerability_id": "VCID-h2ju-dedu-fqad", "summary": "Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54265", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29706", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29491", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29688", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54265" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html", "reference_id": "apsb25-94.html", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T20:35:42Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54265", "reference_id": "CVE-2025-54265", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54265" }, { "reference_url": "https://github.com/advisories/GHSA-r355-75hw-r8jf", "reference_id": "GHSA-r355-75hw-r8jf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r355-75hw-r8jf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34326?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p13" }, { "url": "http://public2.vulnerablecode.io/api/packages/34329?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/34331?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/34328?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3" } ], "aliases": [ "CVE-2025-54265", "GHSA-r355-75hw-r8jf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h2ju-dedu-fqad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/132280?format=api", "vulnerability_id": "VCID-jkrp-j7st-27f3", "summary": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38250", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01841", "scoring_system": "epss", "scoring_elements": "0.83442", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01841", "scoring_system": "epss", "scoring_elements": "0.83373", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01841", "scoring_system": "epss", "scoring_elements": "0.83433", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38250" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38250", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38250" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html", "reference_id": "apsb23-50.html", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:49:35Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html" }, { "reference_url": "https://github.com/advisories/GHSA-h3g9-cwr6-hphx", "reference_id": "GHSA-h3g9-cwr6-hphx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h3g9-cwr6-hphx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379080?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/379079?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p5" }, { "url": "http://public2.vulnerablecode.io/api/packages/379078?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/379077?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2" } ], "aliases": [ "CVE-2023-38250", "GHSA-h3g9-cwr6-hphx" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jkrp-j7st-27f3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55080?format=api", "vulnerability_id": "VCID-jnuu-9mt7-jyd5", "summary": "Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution on the underlying filesystem. Exploitation of this issue does not require user interaction, but the attack complexity is high.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20758", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02201", "scoring_system": "epss", "scoring_elements": "0.84788", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02201", "scoring_system": "epss", "scoring_elements": "0.84849", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02201", "scoring_system": "epss", "scoring_elements": "0.84841", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20758" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-18.html", "reference_id": "apsb24-18.html", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-04-11T04:01:06Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-18.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20758", "reference_id": "CVE-2024-20758", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20758" }, { "reference_url": "https://github.com/advisories/GHSA-wh4m-6rh3-p4rq", "reference_id": "GHSA-wh4m-6rh3-p4rq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wh4m-6rh3-p4rq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30245?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/30240?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/30244?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p5" }, { "url": "http://public2.vulnerablecode.io/api/packages/30243?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7" } ], "aliases": [ "CVE-2024-20758", "GHSA-wh4m-6rh3-p4rq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jnuu-9mt7-jyd5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/140523?format=api", "vulnerability_id": "VCID-kbkg-d58m-h7bf", "summary": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29296", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0012", "scoring_system": "epss", "scoring_elements": "0.30792", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0012", "scoring_system": "epss", "scoring_elements": "0.3081", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0012", "scoring_system": "epss", "scoring_elements": "0.30594", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29296" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29296", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29296" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html", "reference_id": "apsb23-35.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:36:03Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html" }, { "reference_url": "https://github.com/advisories/GHSA-3qr4-w96f-672v", "reference_id": "GHSA-3qr4-w96f-672v", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3qr4-w96f-672v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381713?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/381712?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/29053?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2023-29296", "GHSA-3qr4-w96f-672v" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kbkg-d58m-h7bf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49778?format=api", "vulnerability_id": "VCID-kf6b-mshs-23fa", "summary": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and view minor unauthorised information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34107", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00729", "scoring_system": "epss", "scoring_elements": "0.7321", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00729", "scoring_system": "epss", "scoring_elements": "0.73117", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00729", "scoring_system": "epss", "scoring_elements": "0.73195", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34107" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799" }, { "reference_url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2" }, { "reference_url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c" }, { "reference_url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html", "reference_id": "apsb24-40.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-06-14T13:30:50Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34107", "reference_id": "CVE-2024-34107", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34107" }, { "reference_url": "https://github.com/advisories/GHSA-r7cm-g469-wm4g", "reference_id": "GHSA-r7cm-g469-wm4g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r7cm-g469-wm4g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32194?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/32193?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/32195?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2024-34107", "GHSA-r7cm-g469-wm4g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kf6b-mshs-23fa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97819?format=api", "vulnerability_id": "VCID-ktnj-j4xu-uufs", "summary": "Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege escalation. A high-privileged attacker could trick a victim into executing unintended actions on a web application where the victim is authenticated, potentially allowing unauthorized access or modification of sensitive data. Exploitation of this issue requires user interaction in that a victim must visit a malicious website or click on a crafted link. Scope is changed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49555", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.59261", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.59273", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.59149", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49555" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49555", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49555" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html", "reference_id": "apsb25-71.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-13T15:04:10Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html" }, { "reference_url": "https://github.com/advisories/GHSA-5777-jj7p-mpqw", "reference_id": "GHSA-5777-jj7p-mpqw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5777-jj7p-mpqw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/377522?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p14" }, { "url": "http://public2.vulnerablecode.io/api/packages/377521?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/377520?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/377519?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/377518?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2" } ], "aliases": [ "CVE-2025-49555", "GHSA-5777-jj7p-mpqw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ktnj-j4xu-uufs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/140865?format=api", "vulnerability_id": "VCID-mb5s-j22m-3qdx", "summary": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29297", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08749", "scoring_system": "epss", "scoring_elements": "0.92718", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.08749", "scoring_system": "epss", "scoring_elements": "0.92721", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.08749", "scoring_system": "epss", "scoring_elements": "0.92693", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29297" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29297", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29297" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html", "reference_id": "apsb23-35.html", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-05T18:37:01Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html" }, { "reference_url": "https://github.com/advisories/GHSA-gfmm-ww6f-5mm5", "reference_id": "GHSA-gfmm-ww6f-5mm5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gfmm-ww6f-5mm5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381713?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/381712?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/29053?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2023-29297", "GHSA-gfmm-ww6f-5mm5" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mb5s-j22m-3qdx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87743?format=api", "vulnerability_id": "VCID-pcm6-819d-6uhm", "summary": "Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54264", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.44191", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.4421", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.44038", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54264" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html", "reference_id": "apsb25-94.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:28Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54264", "reference_id": "CVE-2025-54264", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54264" }, { "reference_url": "https://github.com/advisories/GHSA-2768-5wmv-cfff", "reference_id": "GHSA-2768-5wmv-cfff", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2768-5wmv-cfff" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34326?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p13" }, { "url": "http://public2.vulnerablecode.io/api/packages/34329?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/34331?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/34328?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3" } ], "aliases": [ "CVE-2025-54264", "GHSA-2768-5wmv-cfff" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pcm6-819d-6uhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55272?format=api", "vulnerability_id": "VCID-pzjb-n7ah-ffcg", "summary": "Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20720", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07195", "scoring_system": "epss", "scoring_elements": "0.91784", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.07195", "scoring_system": "epss", "scoring_elements": "0.91821", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.07195", "scoring_system": "epss", "scoring_elements": "0.91812", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20720" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-03.html", "reference_id": "apsb24-03.html", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-11T17:46:31Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-03.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20720", "reference_id": "CVE-2024-20720", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20720" }, { "reference_url": "https://github.com/advisories/GHSA-525f-pvj5-vqmq", "reference_id": "GHSA-525f-pvj5-vqmq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-525f-pvj5-vqmq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29056?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/29052?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/29054?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2024-20720", "GHSA-525f-pvj5-vqmq" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pzjb-n7ah-ffcg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/135957?format=api", "vulnerability_id": "VCID-q12a-kwpk-yufv", "summary": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction, scope is changed due to the fact that an attacker can enforce file read outside the application's path boundary.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-26366", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.58358", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.5823", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.58342", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-26366" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "5.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26366", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "5.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26366" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html", "reference_id": "apsb23-50.html", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "5.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:49:13Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html" }, { "reference_url": "https://github.com/advisories/GHSA-8jxc-5f94-22vh", "reference_id": "GHSA-8jxc-5f94-22vh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8jxc-5f94-22vh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379080?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/379079?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p5" }, { "url": "http://public2.vulnerablecode.io/api/packages/379078?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/379077?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2" } ], "aliases": [ "CVE-2023-26366", "GHSA-8jxc-5f94-22vh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q12a-kwpk-yufv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/149491?format=api", "vulnerability_id": "VCID-qcwq-814h-63c2", "summary": "Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An unauthenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22247", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04774", "scoring_system": "epss", "scoring_elements": "0.89731", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.04774", "scoring_system": "epss", "scoring_elements": "0.89738", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.04774", "scoring_system": "epss", "scoring_elements": "0.89697", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22247" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22247", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22247" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-17.html", "reference_id": "apsb23-17.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:39:24Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb23-17.html" }, { "reference_url": "https://github.com/advisories/GHSA-2444-8gj8-6fmx", "reference_id": "GHSA-2444-8gj8-6fmx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2444-8gj8-6fmx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380833?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7hqr-a671-wfhq" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-8r3a-tuwb-k3f5" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-df8h-8pgg-efg2" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ezee-pmc6-tuc2" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ff1h-49j6-fygj" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-kbkg-d58m-h7bf" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-mb5s-j22m-3qdx" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qgse-3kg2-7ke7" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-swsg-c57z-1fe5" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u7wj-vk3w-sbb8" }, { "vulnerability": "VCID-v4kk-tszr-puge" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-xrwz-zqgd-7yc5" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/380834?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7hqr-a671-wfhq" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-8r3a-tuwb-k3f5" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-df8h-8pgg-efg2" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ezee-pmc6-tuc2" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ff1h-49j6-fygj" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kbkg-d58m-h7bf" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-mb5s-j22m-3qdx" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qgse-3kg2-7ke7" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-swsg-c57z-1fe5" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u7wj-vk3w-sbb8" }, { "vulnerability": "VCID-v4kk-tszr-puge" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xrwz-zqgd-7yc5" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/29055?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7hqr-a671-wfhq" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-8r3a-tuwb-k3f5" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-df8h-8pgg-efg2" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ezee-pmc6-tuc2" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-ff1h-49j6-fygj" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kbkg-d58m-h7bf" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mb5s-j22m-3qdx" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qgse-3kg2-7ke7" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-swsg-c57z-1fe5" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u7wj-vk3w-sbb8" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-v4kk-tszr-puge" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-xrwz-zqgd-7yc5" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6" } ], "aliases": [ "CVE-2023-22247", "GHSA-2444-8gj8-6fmx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qcwq-814h-63c2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/140643?format=api", "vulnerability_id": "VCID-qgse-3kg2-7ke7", "summary": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability. An attacker with low privileges can trigger a specially crafted script to a security feature bypass. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29289", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58495", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58511", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58383", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29289" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29289", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29289" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html", "reference_id": "apsb23-35.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:36:23Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html" }, { "reference_url": "https://github.com/advisories/GHSA-wh42-8r2w-873x", "reference_id": "GHSA-wh42-8r2w-873x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wh42-8r2w-873x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381713?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/381712?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/29053?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2023-29289", "GHSA-wh42-8r2w-873x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qgse-3kg2-7ke7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/136042?format=api", "vulnerability_id": "VCID-qr8w-qwb5-6uag", "summary": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-26367", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58915", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58788", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.589", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-26367" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26367", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26367" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html", "reference_id": "apsb23-50.html", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:49:12Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html" }, { "reference_url": "https://github.com/advisories/GHSA-9mx6-4gg4-85xj", "reference_id": "GHSA-9mx6-4gg4-85xj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9mx6-4gg4-85xj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379080?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/379079?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p5" }, { "url": "http://public2.vulnerablecode.io/api/packages/379078?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/379077?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2" } ], "aliases": [ "CVE-2023-26367", "GHSA-9mx6-4gg4-85xj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qr8w-qwb5-6uag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/140875?format=api", "vulnerability_id": "VCID-swsg-c57z-1fe5", "summary": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29290", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.35012", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.35035", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34832", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29290" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29290", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29290" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html", "reference_id": "apsb23-35.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:39:03Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html" }, { "reference_url": "https://github.com/advisories/GHSA-qw5m-vmp3-f553", "reference_id": "GHSA-qw5m-vmp3-f553", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qw5m-vmp3-f553" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381713?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/381712?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/29053?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2023-29290", "GHSA-qw5m-vmp3-f553" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-swsg-c57z-1fe5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97813?format=api", "vulnerability_id": "VCID-twdq-g82m-nqcp", "summary": "Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing the application to crash or become unresponsive. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49554", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01005", "scoring_system": "epss", "scoring_elements": "0.77553", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01005", "scoring_system": "epss", "scoring_elements": "0.77469", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01005", "scoring_system": "epss", "scoring_elements": "0.77538", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49554" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49554", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49554" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html", "reference_id": "apsb25-71.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-13T14:18:27Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html" }, { "reference_url": "https://github.com/advisories/GHSA-xgfm-992v-h2hr", "reference_id": "GHSA-xgfm-992v-h2hr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xgfm-992v-h2hr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/377522?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p14" }, { "url": "http://public2.vulnerablecode.io/api/packages/377521?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/377520?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/377519?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/377518?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2" } ], "aliases": [ "CVE-2025-49554", "GHSA-xgfm-992v-h2hr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-twdq-g82m-nqcp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/140815?format=api", "vulnerability_id": "VCID-u7wj-vk3w-sbb8", "summary": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29294", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41874", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41894", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41709", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29294" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29294", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29294" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html", "reference_id": "apsb23-35.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:36:09Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html" }, { "reference_url": "https://github.com/advisories/GHSA-28vp-39rf-3q2j", "reference_id": "GHSA-28vp-39rf-3q2j", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-28vp-39rf-3q2j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381713?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/381712?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/29053?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2023-29294", "GHSA-28vp-39rf-3q2j" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u7wj-vk3w-sbb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/140391?format=api", "vulnerability_id": "VCID-v4kk-tszr-puge", "summary": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Information Exposure vulnerability that could lead to a security feature bypass. An attacker could leverage this vulnerability to leak minor user data. Exploitation of this issue does not require user interaction..", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29287", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54509", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54524", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54383", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29287" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29287", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29287" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html", "reference_id": "apsb23-35.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:39:07Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html" }, { "reference_url": "https://github.com/advisories/GHSA-85m4-g9vq-xpxj", "reference_id": "GHSA-85m4-g9vq-xpxj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-85m4-g9vq-xpxj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381713?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/381712?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/29053?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2023-29287", "GHSA-85m4-g9vq-xpxj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v4kk-tszr-puge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/149776?format=api", "vulnerability_id": "VCID-vgck-qufa-y7g8", "summary": "Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22250", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.6354", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63552", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63437", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22250" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22250", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22250" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-17.html", "reference_id": "apsb23-17.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:39:21Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb23-17.html" }, { "reference_url": "https://github.com/advisories/GHSA-4h7p-4vq8-g2gh", "reference_id": "GHSA-4h7p-4vq8-g2gh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4h7p-4vq8-g2gh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380833?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7hqr-a671-wfhq" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-8r3a-tuwb-k3f5" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-df8h-8pgg-efg2" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ezee-pmc6-tuc2" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ff1h-49j6-fygj" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-kbkg-d58m-h7bf" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-mb5s-j22m-3qdx" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qgse-3kg2-7ke7" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-swsg-c57z-1fe5" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u7wj-vk3w-sbb8" }, { "vulnerability": "VCID-v4kk-tszr-puge" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-xrwz-zqgd-7yc5" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/380834?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7hqr-a671-wfhq" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-8r3a-tuwb-k3f5" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-df8h-8pgg-efg2" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ezee-pmc6-tuc2" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ff1h-49j6-fygj" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kbkg-d58m-h7bf" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-mb5s-j22m-3qdx" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qgse-3kg2-7ke7" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-swsg-c57z-1fe5" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u7wj-vk3w-sbb8" }, { "vulnerability": "VCID-v4kk-tszr-puge" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xrwz-zqgd-7yc5" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/29055?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7hqr-a671-wfhq" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-8r3a-tuwb-k3f5" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-df8h-8pgg-efg2" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ezee-pmc6-tuc2" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-ff1h-49j6-fygj" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kbkg-d58m-h7bf" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mb5s-j22m-3qdx" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qgse-3kg2-7ke7" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-swsg-c57z-1fe5" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u7wj-vk3w-sbb8" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-v4kk-tszr-puge" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-xrwz-zqgd-7yc5" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6" } ], "aliases": [ "CVE-2023-22250", "GHSA-4h7p-4vq8-g2gh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vgck-qufa-y7g8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/117249?format=api", "vulnerability_id": "VCID-xgh4-b9yn-dkh4", "summary": "Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited write access. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27206", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00706", "scoring_system": "epss", "scoring_elements": "0.72671", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00706", "scoring_system": "epss", "scoring_elements": "0.72686", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00706", "scoring_system": "epss", "scoring_elements": "0.72594", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27206" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27206", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27206" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html", "reference_id": "apsb25-50.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T18:08:33Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html" }, { "reference_url": "https://github.com/advisories/GHSA-g2pj-xmxq-3r9q", "reference_id": "GHSA-g2pj-xmxq-3r9q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-g2pj-xmxq-3r9q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/378550?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p13" }, { "url": "http://public2.vulnerablecode.io/api/packages/378549?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/378548?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/34330?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/34327?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha1" } ], "aliases": [ "CVE-2025-27206", "GHSA-g2pj-xmxq-3r9q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xgh4-b9yn-dkh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49335?format=api", "vulnerability_id": "VCID-xgk2-yecx-q3ff", "summary": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34102", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94171", "scoring_system": "epss", "scoring_elements": "0.99921", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.94171", "scoring_system": "epss", "scoring_elements": "0.9992", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34102" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799" }, { "reference_url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2" }, { "reference_url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c" }, { "reference_url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482#diff-84a0773a6287fbbaadf3b9103f4a137fc0b6946de2437ddfd6f60a0722cf8d23", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482#diff-84a0773a6287fbbaadf3b9103f4a137fc0b6946de2437ddfd6f60a0722cf8d23" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html", "reference_id": "apsb24-40.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-07-18T03:55:19Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html" }, { "reference_url": "https://www.vicarius.io/vsociety/posts/cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102", "reference_id": "cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-07-18T03:55:19Z/" } ], "url": "https://www.vicarius.io/vsociety/posts/cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34102", "reference_id": "CVE-2024-34102", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34102" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2024-34102.yaml", "reference_id": "CVE-2024-34102.YAML", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2024-34102.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-m8cj-3v68-3cxj", "reference_id": "GHSA-m8cj-3v68-3cxj", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m8cj-3v68-3cxj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32194?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/32193?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/32195?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2024-34102", "GHSA-m8cj-3v68-3cxj" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xgk2-yecx-q3ff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88657?format=api", "vulnerability_id": "VCID-xjd4-w9bn-mbex", "summary": "Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access leading to a limited impact to confidentiality and a high impact to integrity. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-43585", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00591", "scoring_system": "epss", "scoring_elements": "0.698", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00591", "scoring_system": "epss", "scoring_elements": "0.69695", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00591", "scoring_system": "epss", "scoring_elements": "0.69786", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-43585" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43585", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43585" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html", "reference_id": "apsb25-50.html", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T17:23:05Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html" }, { "reference_url": "https://github.com/advisories/GHSA-r487-9vv5-75gg", "reference_id": "GHSA-r487-9vv5-75gg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r487-9vv5-75gg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/378550?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p13" }, { "url": "http://public2.vulnerablecode.io/api/packages/378549?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/378548?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/34330?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/34327?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha1" } ], "aliases": [ "CVE-2025-43585", "GHSA-r487-9vv5-75gg" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xjd4-w9bn-mbex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97932?format=api", "vulnerability_id": "VCID-xqc4-jf6e-abfg", "summary": "Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49549", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.67108", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.67121", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.67016", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49549" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49549", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49549" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html", "reference_id": "apsb25-50.html", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T18:12:28Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html" }, { "reference_url": "https://github.com/advisories/GHSA-85jx-x9r4-45m2", "reference_id": "GHSA-85jx-x9r4-45m2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-85jx-x9r4-45m2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/378550?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p13" }, { "url": "http://public2.vulnerablecode.io/api/packages/378549?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/378548?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/34330?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/34327?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha1" } ], "aliases": [ "CVE-2025-49549", "GHSA-85jx-x9r4-45m2" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xqc4-jf6e-abfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/140382?format=api", "vulnerability_id": "VCID-xrwz-zqgd-7yc5", "summary": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29295", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0012", "scoring_system": "epss", "scoring_elements": "0.30792", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0012", "scoring_system": "epss", "scoring_elements": "0.3081", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0012", "scoring_system": "epss", "scoring_elements": "0.30594", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29295" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29295", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29295" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html", "reference_id": "apsb23-35.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:36:06Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html" }, { "reference_url": "https://github.com/advisories/GHSA-354h-fpmq-68v7", "reference_id": "GHSA-354h-fpmq-68v7", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-354h-fpmq-68v7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381713?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/381712?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/29053?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2023-29295", "GHSA-354h-fpmq-68v7" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xrwz-zqgd-7yc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/119460?format=api", "vulnerability_id": "VCID-z97t-ffda-vfes", "summary": "Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Scope is changed to that of other high-privileged accounts, leading to a high impact on confidentiality, integrity, and availability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47110", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00709", "scoring_system": "epss", "scoring_elements": "0.72759", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00709", "scoring_system": "epss", "scoring_elements": "0.72774", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00709", "scoring_system": "epss", "scoring_elements": "0.72682", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47110" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47110", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47110" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html", "reference_id": "apsb25-50.html", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-10T18:09:25Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html" }, { "reference_url": "https://github.com/advisories/GHSA-j934-vjh5-vf9r", "reference_id": "GHSA-j934-vjh5-vf9r", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j934-vjh5-vf9r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/378550?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p13" }, { "url": "http://public2.vulnerablecode.io/api/packages/378549?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p11" }, { "url": "http://public2.vulnerablecode.io/api/packages/378548?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/378782?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/34327?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha1" } ], "aliases": [ "CVE-2025-47110", "GHSA-j934-vjh5-vf9r" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z97t-ffda-vfes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/356273?format=api", "vulnerability_id": "VCID-zssu-1dmn-sycb", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38218", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.7232", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.72402", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.72416", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38218" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38218", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38218" }, { "reference_url": "https://github.com/advisories/GHSA-rpc7-gf58-v3x2", "reference_id": "GHSA-rpc7-gf58-v3x2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rpc7-gf58-v3x2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379080?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/379079?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p5" }, { "url": "http://public2.vulnerablecode.io/api/packages/379078?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/379077?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2" } ], "aliases": [ "CVE-2023-38218", "GHSA-rpc7-gf58-v3x2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zssu-1dmn-sycb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49810?format=api", "vulnerability_id": "VCID-zthr-mpwx-1fef", "summary": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction..", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34111", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00759", "scoring_system": "epss", "scoring_elements": "0.73857", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00759", "scoring_system": "epss", "scoring_elements": "0.73767", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00759", "scoring_system": "epss", "scoring_elements": "0.73841", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34111" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799" }, { "reference_url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2" }, { "reference_url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c" }, { "reference_url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html", "reference_id": "apsb24-40.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-13T21:18:03Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34111", "reference_id": "CVE-2024-34111", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34111" }, { "reference_url": "https://github.com/advisories/GHSA-jmqp-r3gg-6jh3", "reference_id": "GHSA-jmqp-r3gg-6jh3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jmqp-r3gg-6jh3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32194?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/32193?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/32195?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2024-34111", "GHSA-jmqp-r3gg-6jh3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zthr-mpwx-1fef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49344?format=api", "vulnerability_id": "VCID-zv6m-4py8-3ydq", "summary": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34105", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01961", "scoring_system": "epss", "scoring_elements": "0.83955", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01961", "scoring_system": "epss", "scoring_elements": "0.8389", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01961", "scoring_system": "epss", "scoring_elements": "0.83947", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34105" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799" }, { "reference_url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2" }, { "reference_url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c" }, { "reference_url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html", "reference_id": "apsb24-40.html", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-13T16:04:12Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34105", "reference_id": "CVE-2024-34105", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34105" }, { "reference_url": "https://github.com/advisories/GHSA-5632-wq7m-gfq9", "reference_id": "GHSA-5632-wq7m-gfq9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5632-wq7m-gfq9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32194?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/32193?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/32195?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2024-34105", "GHSA-5632-wq7m-gfq9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zv6m-4py8-3ydq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55183?format=api", "vulnerability_id": "VCID-zwem-swqk-1kaz", "summary": "Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to an application denial-of-service. A high-privileged attacker could leverage this vulnerability to exhaust system resources, causing the application to slow down or crash. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20716", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50307", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50459", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.5044", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20716" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-03.html", "reference_id": "apsb24-03.html", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-18T00:20:23Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-03.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20716", "reference_id": "CVE-2024-20716", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20716" }, { "reference_url": "https://github.com/advisories/GHSA-c9h9-h5gf-885r", "reference_id": "GHSA-c9h9-h5gf-885r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c9h9-h5gf-885r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29056?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/29052?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/29054?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2024-20716", "GHSA-c9h9-h5gf-885r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zwem-swqk-1kaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/131843?format=api", "vulnerability_id": "VCID-zym7-1cr7-mkaa", "summary": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Authorization vulnerability that could lead in a security feature bypass in a way that an attacker could access unauthorised data. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38220", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35963", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.3576", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.3594", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38220" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38220", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38220" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html", "reference_id": "apsb23-50.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:50:06Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html" }, { "reference_url": "https://github.com/advisories/GHSA-grc6-r6f8-xj7c", "reference_id": "GHSA-grc6-r6f8-xj7c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-grc6-r6f8-xj7c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379080?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/379079?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p5" }, { "url": "http://public2.vulnerablecode.io/api/packages/379078?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/379077?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2" } ], "aliases": [ "CVE-2023-38220", "GHSA-grc6-r6f8-xj7c" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zym7-1cr7-mkaa" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167493?format=api", "vulnerability_id": "VCID-3w11-7use-6kfv", "summary": "Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored Cross-site Scripting vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35698", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02186", "scoring_system": "epss", "scoring_elements": "0.84734", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02186", "scoring_system": "epss", "scoring_elements": "0.84795", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02186", "scoring_system": "epss", "scoring_elements": "0.84786", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35698" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "7.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb22-48.html", "reference_id": "apsb22-48.html", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "7.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:07:24Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb22-48.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35698", "reference_id": "CVE-2022-35698", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "7.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35698" }, { "reference_url": "https://github.com/advisories/GHSA-4vj2-426r-jm3g", "reference_id": "GHSA-4vj2-426r-jm3g", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4vj2-426r-jm3g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27375?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7hqr-a671-wfhq" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-8r3a-tuwb-k3f5" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9kv7-4rer-m3fs" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-df8h-8pgg-efg2" }, { "vulnerability": "VCID-drw7-nqdq-sfgj" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ezee-pmc6-tuc2" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ff1h-49j6-fygj" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-kbkg-d58m-h7bf" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-mb5s-j22m-3qdx" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qcwq-814h-63c2" }, { "vulnerability": "VCID-qgse-3kg2-7ke7" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-swsg-c57z-1fe5" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u7wj-vk3w-sbb8" }, { "vulnerability": "VCID-v4kk-tszr-puge" }, { "vulnerability": "VCID-vgck-qufa-y7g8" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-xrwz-zqgd-7yc5" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/29051?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7hqr-a671-wfhq" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-8r3a-tuwb-k3f5" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-9kv7-4rer-m3fs" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-df8h-8pgg-efg2" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-drw7-nqdq-sfgj" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ezee-pmc6-tuc2" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-ff1h-49j6-fygj" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kbkg-d58m-h7bf" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mb5s-j22m-3qdx" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qcwq-814h-63c2" }, { "vulnerability": "VCID-qgse-3kg2-7ke7" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-swsg-c57z-1fe5" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u7wj-vk3w-sbb8" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-v4kk-tszr-puge" }, { "vulnerability": "VCID-vgck-qufa-y7g8" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-xrwz-zqgd-7yc5" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p1" } ], "aliases": [ "CVE-2022-35698", "GHSA-4vj2-426r-jm3g" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3w11-7use-6kfv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97922?format=api", "vulnerability_id": "VCID-53sd-5nuj-e7d9", "summary": "Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49557", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.49258", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.49276", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.4912", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49557" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49557", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49557" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html", "reference_id": "apsb25-71.html", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-13T15:04:12Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html" }, { "reference_url": "https://github.com/advisories/GHSA-8mq8-c243-2335", "reference_id": "GHSA-8mq8-c243-2335", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8mq8-c243-2335" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/377756?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p15", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p15" }, { "url": "http://public2.vulnerablecode.io/api/packages/27375?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7hqr-a671-wfhq" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-8r3a-tuwb-k3f5" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9kv7-4rer-m3fs" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-df8h-8pgg-efg2" }, { "vulnerability": "VCID-drw7-nqdq-sfgj" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ezee-pmc6-tuc2" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ff1h-49j6-fygj" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-kbkg-d58m-h7bf" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-mb5s-j22m-3qdx" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qcwq-814h-63c2" }, { "vulnerability": "VCID-qgse-3kg2-7ke7" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-swsg-c57z-1fe5" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u7wj-vk3w-sbb8" }, { "vulnerability": "VCID-v4kk-tszr-puge" }, { "vulnerability": "VCID-vgck-qufa-y7g8" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-xrwz-zqgd-7yc5" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/377522?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p14" }, { "url": "http://public2.vulnerablecode.io/api/packages/377521?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p12" }, { "url": "http://public2.vulnerablecode.io/api/packages/377520?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/34327?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha1" } ], "aliases": [ "CVE-2025-49557", "GHSA-8mq8-c243-2335" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-53sd-5nuj-e7d9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167540?format=api", "vulnerability_id": "VCID-faxs-pnwr-8udn", "summary": "Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35689", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00487", "scoring_system": "epss", "scoring_elements": "0.65889", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00487", "scoring_system": "epss", "scoring_elements": "0.65999", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00487", "scoring_system": "epss", "scoring_elements": "0.65985", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35689" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb22-48.html", "reference_id": "apsb22-48.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:05:52Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb22-48.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35689", "reference_id": "CVE-2022-35689", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35689" }, { "reference_url": "https://github.com/advisories/GHSA-5fxx-jwjm-x9hj", "reference_id": "GHSA-5fxx-jwjm-x9hj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5fxx-jwjm-x9hj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27375?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7hqr-a671-wfhq" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-8r3a-tuwb-k3f5" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9kv7-4rer-m3fs" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-df8h-8pgg-efg2" }, { "vulnerability": "VCID-drw7-nqdq-sfgj" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ezee-pmc6-tuc2" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ff1h-49j6-fygj" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-kbkg-d58m-h7bf" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-mb5s-j22m-3qdx" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-qcwq-814h-63c2" }, { "vulnerability": "VCID-qgse-3kg2-7ke7" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-swsg-c57z-1fe5" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u7wj-vk3w-sbb8" }, { "vulnerability": "VCID-v4kk-tszr-puge" }, { "vulnerability": "VCID-vgck-qufa-y7g8" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-xrwz-zqgd-7yc5" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/29051?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1bw2-wubb-hqdf" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-2tge-6ken-kqge" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6gtw-hr2w-5fcd" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7hqr-a671-wfhq" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-8r3a-tuwb-k3f5" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-9kv7-4rer-m3fs" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-afft-etfr-n3ep" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-df8h-8pgg-efg2" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-drw7-nqdq-sfgj" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ezee-pmc6-tuc2" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-ff1h-49j6-fygj" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-fz2x-ms14-pkfs" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kbkg-d58m-h7bf" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mb5s-j22m-3qdx" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-pzjb-n7ah-ffcg" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qcwq-814h-63c2" }, { "vulnerability": "VCID-qgse-3kg2-7ke7" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-swsg-c57z-1fe5" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u7wj-vk3w-sbb8" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-v4kk-tszr-puge" }, { "vulnerability": "VCID-vgck-qufa-y7g8" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-xrwz-zqgd-7yc5" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" }, { "vulnerability": "VCID-zwem-swqk-1kaz" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p1" } ], "aliases": [ "CVE-2022-35689", "GHSA-5fxx-jwjm-x9hj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-faxs-pnwr-8udn" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p2" }