Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/32193?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/32193?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p8", "type": "composer", "namespace": "magento", "name": "community-edition", "version": "2.4.5-p8", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.4.6-p13", "latest_non_vulnerable_version": "2.4.9-alpha3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46533?format=api", "vulnerability_id": "VCID-158t-bqnb-83d4", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39406", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00916", "scoring_system": "epss", "scoring_elements": "0.76439", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00916", "scoring_system": "epss", "scoring_elements": "0.76449", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00916", "scoring_system": "epss", "scoring_elements": "0.76369", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00916", "scoring_system": "epss", "scoring_elements": "0.76454", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39406" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:12:23Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39406", "reference_id": "CVE-2024-39406", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39406" }, { "reference_url": "https://github.com/advisories/GHSA-6pxh-2557-5cj5", "reference_id": "GHSA-6pxh-2557-5cj5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6pxh-2557-5cj5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32998?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/33000?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/33001?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2" } ], "aliases": [ "CVE-2024-39406", "GHSA-6pxh-2557-5cj5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-158t-bqnb-83d4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46780?format=api", "vulnerability_id": "VCID-2t3q-pmg5-qyhn", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39405", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46366", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46508", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46511", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46522", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39405" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:13:21Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39405", "reference_id": "CVE-2024-39405", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39405" }, { "reference_url": "https://github.com/advisories/GHSA-5g9f-7gqc-8hj4", "reference_id": "GHSA-5g9f-7gqc-8hj4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5g9f-7gqc-8hj4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32998?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/33000?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/33001?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2" } ], "aliases": [ "CVE-2024-39405", "GHSA-5g9f-7gqc-8hj4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2t3q-pmg5-qyhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46531?format=api", "vulnerability_id": "VCID-368r-um85-k3d2", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures to view and edit low-sensitivity information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39418", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.56177", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.563", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.56297", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.56311", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39418" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:08:28Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39418", "reference_id": "CVE-2024-39418", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39418" }, { "reference_url": "https://github.com/advisories/GHSA-gvgf-pvh5-vjh4", "reference_id": "GHSA-gvgf-pvh5-vjh4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gvgf-pvh5-vjh4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32998?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/33000?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/33001?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2" } ], "aliases": [ "CVE-2024-39418", "GHSA-gvgf-pvh5-vjh4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-368r-um85-k3d2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47005?format=api", "vulnerability_id": "VCID-3s5p-wb18-13ge", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. A low-privileged attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39399", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.75184", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.75264", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.75268", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.75254", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39399" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T14:09:03Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39399", "reference_id": "CVE-2024-39399", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39399" }, { "reference_url": "https://github.com/advisories/GHSA-7r99-8wqp-h7pc", "reference_id": "GHSA-7r99-8wqp-h7pc", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7r99-8wqp-h7pc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32998?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/33000?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/33001?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2" } ], "aliases": [ "CVE-2024-39399", "GHSA-7r99-8wqp-h7pc" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3s5p-wb18-13ge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46497?format=api", "vulnerability_id": "VCID-3uj4-thpr-cue1", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39407", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.48", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.48016", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47859", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39407" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:10:04Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39407", "reference_id": "CVE-2024-39407", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39407" }, { "reference_url": "https://github.com/advisories/GHSA-cjm6-8mw8-2f8c", "reference_id": "GHSA-cjm6-8mw8-2f8c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cjm6-8mw8-2f8c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32998?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/33000?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/33001?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2" } ], "aliases": [ "CVE-2024-39407", "GHSA-cjm6-8mw8-2f8c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3uj4-thpr-cue1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46502?format=api", "vulnerability_id": "VCID-3ydj-usv4-47fq", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39410", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00515", "scoring_system": "epss", "scoring_elements": "0.67151", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00515", "scoring_system": "epss", "scoring_elements": "0.67137", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00515", "scoring_system": "epss", "scoring_elements": "0.67045", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39410" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:09:47Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39410", "reference_id": "CVE-2024-39410", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39410" }, { "reference_url": "https://github.com/advisories/GHSA-4323-f82v-f6jr", "reference_id": "GHSA-4323-f82v-f6jr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4323-f82v-f6jr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32998?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/33000?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/33001?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2" } ], "aliases": [ "CVE-2024-39410", "GHSA-4323-f82v-f6jr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ydj-usv4-47fq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46929?format=api", "vulnerability_id": "VCID-4b5p-wqtj-7kbe", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39409", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00515", "scoring_system": "epss", "scoring_elements": "0.67045", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00515", "scoring_system": "epss", "scoring_elements": "0.67151", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00515", "scoring_system": "epss", "scoring_elements": "0.67137", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39409" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:11:00Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39409", "reference_id": "CVE-2024-39409", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39409" }, { "reference_url": "https://github.com/advisories/GHSA-rf4q-m23c-7q8r", "reference_id": "GHSA-rf4q-m23c-7q8r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rf4q-m23c-7q8r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32998?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/33000?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/33001?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2" } ], "aliases": [ "CVE-2024-39409", "GHSA-rf4q-m23c-7q8r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4b5p-wqtj-7kbe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88199?format=api", "vulnerability_id": "VCID-4nqq-nrne-17a2", "summary": "Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54266", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18174", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18336", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18338", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.1836", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54266" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html", "reference_id": "apsb25-94.html", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:24:32Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54266", "reference_id": "CVE-2025-54266", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54266" }, { "reference_url": "https://github.com/advisories/GHSA-pcrx-r49h-x2w5", "reference_id": "GHSA-pcrx-r49h-x2w5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pcrx-r49h-x2w5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34326?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p13" }, { "url": "http://public2.vulnerablecode.io/api/packages/34329?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/34331?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/34328?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3" } ], "aliases": [ "CVE-2025-54266", "GHSA-pcrx-r49h-x2w5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4nqq-nrne-17a2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46833?format=api", "vulnerability_id": "VCID-6v47-xgpq-zkgf", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39401", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0264", "scoring_system": "epss", "scoring_elements": "0.86044", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0264", "scoring_system": "epss", "scoring_elements": "0.86101", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0264", "scoring_system": "epss", "scoring_elements": "0.86105", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0264", "scoring_system": "epss", "scoring_elements": "0.86093", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39401" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:10:32Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39401", "reference_id": "CVE-2024-39401", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39401" }, { "reference_url": "https://github.com/advisories/GHSA-8frp-pxq2-3gpq", "reference_id": "GHSA-8frp-pxq2-3gpq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8frp-pxq2-3gpq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32998?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/33000?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/33001?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2" } ], "aliases": [ "CVE-2024-39401", "GHSA-8frp-pxq2-3gpq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6v47-xgpq-zkgf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88207?format=api", "vulnerability_id": "VCID-7bmk-3ab2-9ba6", "summary": "Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to elevated privileges that increase integrity impact to high. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54267", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20657", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20679", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20479", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54267" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html", "reference_id": "apsb25-94.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-16T03:56:04Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54267", "reference_id": "CVE-2025-54267", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54267" }, { "reference_url": "https://github.com/advisories/GHSA-qvwr-p3hj-j6jf", "reference_id": "GHSA-qvwr-p3hj-j6jf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qvwr-p3hj-j6jf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34326?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p13" }, { "url": "http://public2.vulnerablecode.io/api/packages/34329?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/34331?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/34328?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3" } ], "aliases": [ "CVE-2025-54267", "GHSA-qvwr-p3hj-j6jf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7bmk-3ab2-9ba6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46839?format=api", "vulnerability_id": "VCID-8365-zgh2-w3cc", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39413", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54261", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54388", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54386", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54403", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39413" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:08:47Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39413", "reference_id": "CVE-2024-39413", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39413" }, { "reference_url": "https://github.com/advisories/GHSA-8w5f-8992-g86j", "reference_id": "GHSA-8w5f-8992-g86j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8w5f-8992-g86j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32998?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/33000?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/33001?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2" } ], "aliases": [ "CVE-2024-39413", "GHSA-8w5f-8992-g86j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8365-zgh2-w3cc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46971?format=api", "vulnerability_id": "VCID-bftg-2sea-57cv", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39419", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46366", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46508", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46511", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46522", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39419" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:08:00Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39419", "reference_id": "CVE-2024-39419", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39419" }, { "reference_url": "https://github.com/advisories/GHSA-74w7-cr4v-wf2v", "reference_id": "GHSA-74w7-cr4v-wf2v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-74w7-cr4v-wf2v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32998?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/33000?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/33001?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2" } ], "aliases": [ "CVE-2024-39419", "GHSA-74w7-cr4v-wf2v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bftg-2sea-57cv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46517?format=api", "vulnerability_id": "VCID-dsy7-gm7v-tqc8", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39415", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54261", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54388", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54386", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54403", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39415" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:13:06Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39415", "reference_id": "CVE-2024-39415", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39415" }, { "reference_url": "https://github.com/advisories/GHSA-gj93-84g5-mcjq", "reference_id": "GHSA-gj93-84g5-mcjq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gj93-84g5-mcjq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32998?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/33000?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/33001?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2" } ], "aliases": [ "CVE-2024-39415", "GHSA-gj93-84g5-mcjq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dsy7-gm7v-tqc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88335?format=api", "vulnerability_id": "VCID-eusf-bc81-9uhv", "summary": "Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and maintain unauthorized access. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54263", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25914", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.26115", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.2613", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.26114", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54263" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html", "reference_id": "apsb25-94.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:29Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54263", "reference_id": "CVE-2025-54263", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54263" }, { "reference_url": "https://github.com/advisories/GHSA-69x9-xp2j-w8g8", "reference_id": "GHSA-69x9-xp2j-w8g8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-69x9-xp2j-w8g8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34326?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p13" }, { "url": "http://public2.vulnerablecode.io/api/packages/34329?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/34331?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/34328?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3" } ], "aliases": [ "CVE-2025-54263", "GHSA-69x9-xp2j-w8g8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eusf-bc81-9uhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46736?format=api", "vulnerability_id": "VCID-gxbc-u5mr-f3c9", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality impact is high due to the attacker being able to exfiltrate sensitive information.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39403", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02812", "scoring_system": "epss", "scoring_elements": "0.86453", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02812", "scoring_system": "epss", "scoring_elements": "0.86512", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.02812", "scoring_system": "epss", "scoring_elements": "0.86514", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02812", "scoring_system": "epss", "scoring_elements": "0.86504", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39403" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:08:14Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39403", "reference_id": "CVE-2024-39403", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39403" }, { "reference_url": "https://github.com/advisories/GHSA-mmp7-8cg4-9wrg", "reference_id": "GHSA-mmp7-8cg4-9wrg", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mmp7-8cg4-9wrg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32998?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/33000?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/33001?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2" } ], "aliases": [ "CVE-2024-39403", "GHSA-mmp7-8cg4-9wrg" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gxbc-u5mr-f3c9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87827?format=api", "vulnerability_id": "VCID-h2ju-dedu-fqad", "summary": "Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54265", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29491", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.2969", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29706", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29688", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54265" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html", "reference_id": "apsb25-94.html", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T20:35:42Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54265", "reference_id": "CVE-2025-54265", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54265" }, { "reference_url": "https://github.com/advisories/GHSA-r355-75hw-r8jf", "reference_id": "GHSA-r355-75hw-r8jf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r355-75hw-r8jf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34326?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p13" }, { "url": "http://public2.vulnerablecode.io/api/packages/34329?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/34331?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/34328?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3" } ], "aliases": [ "CVE-2025-54265", "GHSA-r355-75hw-r8jf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h2ju-dedu-fqad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46560?format=api", "vulnerability_id": "VCID-j9e4-4xta-6qc5", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39414", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55433", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55556", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55553", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55568", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39414" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:11:42Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39414", "reference_id": "CVE-2024-39414", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39414" }, { "reference_url": "https://github.com/advisories/GHSA-x6f9-hv9r-fgq4", "reference_id": "GHSA-x6f9-hv9r-fgq4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x6f9-hv9r-fgq4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32998?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/33000?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/33001?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2" } ], "aliases": [ "CVE-2024-39414", "GHSA-x6f9-hv9r-fgq4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j9e4-4xta-6qc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46412?format=api", "vulnerability_id": "VCID-jeur-3jww-dqee", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and perform a minor integrity change. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39412", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50751", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50755", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50617", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50768", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39412" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:11:56Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39412", "reference_id": "CVE-2024-39412", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39412" }, { "reference_url": "https://github.com/advisories/GHSA-7472-vw39-g2j3", "reference_id": "GHSA-7472-vw39-g2j3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7472-vw39-g2j3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32998?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/33000?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/33001?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2" } ], "aliases": [ "CVE-2024-39412", "GHSA-7472-vw39-g2j3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jeur-3jww-dqee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46759?format=api", "vulnerability_id": "VCID-jyhf-huep-tya2", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to perform brute force attacks and potentially gain unauthorized access to accounts. Exploitation of this issue does not require user interaction, but attack complexity is high.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39398", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.47077", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.47214", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.47232", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.47218", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39398" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:10:17Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39398", "reference_id": "CVE-2024-39398", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39398" }, { "reference_url": "https://github.com/advisories/GHSA-q628-54wg-4r5q", "reference_id": "GHSA-q628-54wg-4r5q", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q628-54wg-4r5q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32998?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/33000?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/33001?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2" } ], "aliases": [ "CVE-2024-39398", "GHSA-q628-54wg-4r5q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jyhf-huep-tya2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87743?format=api", "vulnerability_id": "VCID-pcm6-819d-6uhm", "summary": "Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54264", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.44038", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.44198", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.44191", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.4421", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54264" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html", "reference_id": "apsb25-94.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:28Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54264", "reference_id": "CVE-2025-54264", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54264" }, { "reference_url": "https://github.com/advisories/GHSA-2768-5wmv-cfff", "reference_id": "GHSA-2768-5wmv-cfff", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2768-5wmv-cfff" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34326?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p13" }, { "url": "http://public2.vulnerablecode.io/api/packages/34329?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/34331?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/34328?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3" } ], "aliases": [ "CVE-2025-54264", "GHSA-2768-5wmv-cfff" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pcm6-819d-6uhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46597?format=api", "vulnerability_id": "VCID-qbx1-jqke-v7hf", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39402", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0264", "scoring_system": "epss", "scoring_elements": "0.86093", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0264", "scoring_system": "epss", "scoring_elements": "0.86101", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0264", "scoring_system": "epss", "scoring_elements": "0.86044", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0264", "scoring_system": "epss", "scoring_elements": "0.86105", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39402" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:12:09Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39402", "reference_id": "CVE-2024-39402", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39402" }, { "reference_url": "https://github.com/advisories/GHSA-2ff6-837j-hg5x", "reference_id": "GHSA-2ff6-837j-hg5x", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2ff6-837j-hg5x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32998?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/33000?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/33001?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2" } ], "aliases": [ "CVE-2024-39402", "GHSA-2ff6-837j-hg5x" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qbx1-jqke-v7hf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46855?format=api", "vulnerability_id": "VCID-qnpc-4r4b-3uhx", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39417", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54261", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54388", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54386", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54403", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39417" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:09:31Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39417", "reference_id": "CVE-2024-39417", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39417" }, { "reference_url": "https://github.com/advisories/GHSA-4xmj-f664-hv98", "reference_id": "GHSA-4xmj-f664-hv98", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4xmj-f664-hv98" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32998?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/33000?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/33001?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2" } ], "aliases": [ "CVE-2024-39417", "GHSA-4xmj-f664-hv98" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qnpc-4r4b-3uhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46443?format=api", "vulnerability_id": "VCID-s7t9-h2jx-9bgr", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39416", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55433", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55556", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55553", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55568", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39416" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:11:27Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39416", "reference_id": "CVE-2024-39416", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39416" }, { "reference_url": "https://github.com/advisories/GHSA-4xgg-rw35-7mv5", "reference_id": "GHSA-4xgg-rw35-7mv5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4xgg-rw35-7mv5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32998?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/33000?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/33001?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2" } ], "aliases": [ "CVE-2024-39416", "GHSA-4xgg-rw35-7mv5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s7t9-h2jx-9bgr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46640?format=api", "vulnerability_id": "VCID-u52p-wrjp-quhk", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changeson behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39408", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00515", "scoring_system": "epss", "scoring_elements": "0.67045", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00515", "scoring_system": "epss", "scoring_elements": "0.67151", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00515", "scoring_system": "epss", "scoring_elements": "0.67137", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39408" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:09:17Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39408", "reference_id": "CVE-2024-39408", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39408" }, { "reference_url": "https://github.com/advisories/GHSA-4cj6-f32v-6hgx", "reference_id": "GHSA-4cj6-f32v-6hgx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4cj6-f32v-6hgx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32998?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/33000?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/33001?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2" } ], "aliases": [ "CVE-2024-39408", "GHSA-4cj6-f32v-6hgx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u52p-wrjp-quhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46849?format=api", "vulnerability_id": "VCID-vwpg-z9en-6yej", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link. Confidentiality and integrity impact is high as it affects other admin accounts.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39400", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01472", "scoring_system": "epss", "scoring_elements": "0.81419", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01472", "scoring_system": "epss", "scoring_elements": "0.81428", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01472", "scoring_system": "epss", "scoring_elements": "0.81358", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39400" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:12:38Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39400", "reference_id": "CVE-2024-39400", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39400" }, { "reference_url": "https://github.com/advisories/GHSA-52fg-wjxm-pp44", "reference_id": "GHSA-52fg-wjxm-pp44", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-52fg-wjxm-pp44" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32998?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/33000?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/33001?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2" } ], "aliases": [ "CVE-2024-39400", "GHSA-52fg-wjxm-pp44" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vwpg-z9en-6yej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46579?format=api", "vulnerability_id": "VCID-wfdz-b6c4-quhq", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39411", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54261", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54388", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54386", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54403", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39411" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:11:14Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39411", "reference_id": "CVE-2024-39411", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39411" }, { "reference_url": "https://github.com/advisories/GHSA-qm77-mqf3-fmhq", "reference_id": "GHSA-qm77-mqf3-fmhq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qm77-mqf3-fmhq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32998?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/33000?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/33001?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2" } ], "aliases": [ "CVE-2024-39411", "GHSA-qm77-mqf3-fmhq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wfdz-b6c4-quhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46765?format=api", "vulnerability_id": "VCID-xmby-7b1y-v3cn", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39404", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.48", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.48016", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47859", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39404" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:12:52Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39404", "reference_id": "CVE-2024-39404", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39404" }, { "reference_url": "https://github.com/advisories/GHSA-qrh3-vxjg-h9h6", "reference_id": "GHSA-qrh3-vxjg-h9h6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qrh3-vxjg-h9h6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32998?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/33000?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/33001?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2" } ], "aliases": [ "CVE-2024-39404", "GHSA-qrh3-vxjg-h9h6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xmby-7b1y-v3cn" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49294?format=api", "vulnerability_id": "VCID-549e-3kmc-cyfw", "summary": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both confidentiality and integrity impact. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34104", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.7054", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.70537", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.70435", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.70526", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34104" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799" }, { "reference_url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2" }, { "reference_url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c" }, { "reference_url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html", "reference_id": "apsb24-40.html", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-06-14T13:48:20Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34104", "reference_id": "CVE-2024-34104", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34104" }, { "reference_url": "https://github.com/advisories/GHSA-wwj3-573j-rvvm", "reference_id": "GHSA-wwj3-573j-rvvm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wwj3-573j-rvvm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32194?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/32193?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/32195?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2024-34104", "GHSA-wwj3-573j-rvvm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-549e-3kmc-cyfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49909?format=api", "vulnerability_id": "VCID-eban-ja9z-f7ep", "summary": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access or perform actions with the privileges of another user. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34106", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.71516", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.71514", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.71417", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.71504", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34106" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799" }, { "reference_url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2" }, { "reference_url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c" }, { "reference_url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html", "reference_id": "apsb24-40.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-13T16:21:10Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34106", "reference_id": "CVE-2024-34106", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34106" }, { "reference_url": "https://github.com/advisories/GHSA-p6h9-gx5g-wg64", "reference_id": "GHSA-p6h9-gx5g-wg64", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p6h9-gx5g-wg64" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32194?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/32193?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/32195?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2024-34106", "GHSA-p6h9-gx5g-wg64" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eban-ja9z-f7ep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49820?format=api", "vulnerability_id": "VCID-frhp-vgpt-g7am", "summary": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction, but attack complexity is high.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34103", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01824", "scoring_system": "epss", "scoring_elements": "0.83355", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01824", "scoring_system": "epss", "scoring_elements": "0.8336", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01824", "scoring_system": "epss", "scoring_elements": "0.83294", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01824", "scoring_system": "epss", "scoring_elements": "0.83363", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34103" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799" }, { "reference_url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2" }, { "reference_url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c" }, { "reference_url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html", "reference_id": "apsb24-40.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-14T03:55:29Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34103", "reference_id": "CVE-2024-34103", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34103" }, { "reference_url": "https://github.com/advisories/GHSA-f7q4-9gwv-6774", "reference_id": "GHSA-f7q4-9gwv-6774", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f7q4-9gwv-6774" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32194?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/32193?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/32195?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2024-34103", "GHSA-f7q4-9gwv-6774" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-frhp-vgpt-g7am" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49778?format=api", "vulnerability_id": "VCID-kf6b-mshs-23fa", "summary": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and view minor unauthorised information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34107", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00729", "scoring_system": "epss", "scoring_elements": "0.7321", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00729", "scoring_system": "epss", "scoring_elements": "0.73208", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00729", "scoring_system": "epss", "scoring_elements": "0.73117", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00729", "scoring_system": "epss", "scoring_elements": "0.73195", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34107" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799" }, { "reference_url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2" }, { "reference_url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c" }, { "reference_url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html", "reference_id": "apsb24-40.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-06-14T13:30:50Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34107", "reference_id": "CVE-2024-34107", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34107" }, { "reference_url": "https://github.com/advisories/GHSA-r7cm-g469-wm4g", "reference_id": "GHSA-r7cm-g469-wm4g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r7cm-g469-wm4g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32194?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/32193?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/32195?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2024-34107", "GHSA-r7cm-g469-wm4g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kf6b-mshs-23fa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49335?format=api", "vulnerability_id": "VCID-xgk2-yecx-q3ff", "summary": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34102", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94171", "scoring_system": "epss", "scoring_elements": "0.99921", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.94171", "scoring_system": "epss", "scoring_elements": "0.9992", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34102" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799" }, { "reference_url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2" }, { "reference_url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c" }, { "reference_url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482#diff-84a0773a6287fbbaadf3b9103f4a137fc0b6946de2437ddfd6f60a0722cf8d23", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482#diff-84a0773a6287fbbaadf3b9103f4a137fc0b6946de2437ddfd6f60a0722cf8d23" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html", "reference_id": "apsb24-40.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-07-18T03:55:19Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html" }, { "reference_url": "https://www.vicarius.io/vsociety/posts/cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102", "reference_id": "cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-07-18T03:55:19Z/" } ], "url": "https://www.vicarius.io/vsociety/posts/cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34102", "reference_id": "CVE-2024-34102", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34102" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2024-34102.yaml", "reference_id": "CVE-2024-34102.YAML", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2024-34102.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-m8cj-3v68-3cxj", "reference_id": "GHSA-m8cj-3v68-3cxj", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m8cj-3v68-3cxj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32194?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/32193?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/32195?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2024-34102", "GHSA-m8cj-3v68-3cxj" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xgk2-yecx-q3ff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49810?format=api", "vulnerability_id": "VCID-zthr-mpwx-1fef", "summary": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction..", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34111", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00759", "scoring_system": "epss", "scoring_elements": "0.73857", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00759", "scoring_system": "epss", "scoring_elements": "0.73855", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00759", "scoring_system": "epss", "scoring_elements": "0.73767", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00759", "scoring_system": "epss", "scoring_elements": "0.73841", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34111" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799" }, { "reference_url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2" }, { "reference_url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c" }, { "reference_url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html", "reference_id": "apsb24-40.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-13T21:18:03Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34111", "reference_id": "CVE-2024-34111", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34111" }, { "reference_url": "https://github.com/advisories/GHSA-jmqp-r3gg-6jh3", "reference_id": "GHSA-jmqp-r3gg-6jh3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jmqp-r3gg-6jh3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32194?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/32193?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/32195?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2024-34111", "GHSA-jmqp-r3gg-6jh3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zthr-mpwx-1fef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49344?format=api", "vulnerability_id": "VCID-zv6m-4py8-3ydq", "summary": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34105", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01961", "scoring_system": "epss", "scoring_elements": "0.83955", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01961", "scoring_system": "epss", "scoring_elements": "0.83951", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01961", "scoring_system": "epss", "scoring_elements": "0.8389", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01961", "scoring_system": "epss", "scoring_elements": "0.83947", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34105" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799" }, { "reference_url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2" }, { "reference_url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c" }, { "reference_url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html", "reference_id": "apsb24-40.html", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-13T16:04:12Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34105", "reference_id": "CVE-2024-34105", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34105" }, { "reference_url": "https://github.com/advisories/GHSA-5632-wq7m-gfq9", "reference_id": "GHSA-5632-wq7m-gfq9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5632-wq7m-gfq9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32194?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p9" }, { "url": "http://public2.vulnerablecode.io/api/packages/32193?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/32195?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6" }, { "url": "http://public2.vulnerablecode.io/api/packages/30241?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-8hfe-bt2u-37f9" }, { "vulnerability": "VCID-96hr-sbyj-27dw" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-e9g4-n5c8-6yf9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jnuu-9mt7-jyd5" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zssu-1dmn-sycb" }, { "vulnerability": "VCID-zym7-1cr7-mkaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1" } ], "aliases": [ "CVE-2024-34105", "GHSA-5632-wq7m-gfq9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zv6m-4py8-3ydq" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8" }