Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/60732?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/60732?format=api", "purl": "pkg:composer/magento/community-edition@2.4.0", "type": "composer", "namespace": "magento", "name": "community-edition", "version": "2.4.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.4.3-p2", "latest_non_vulnerable_version": "2.4.9-alpha3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111547?format=api", "vulnerability_id": "VCID-1b6m-qfes-mqab", "summary": "Magento Insufficient Session Expiration\nMagento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) do not adequately invalidate user sessions. Successful exploitation could lead to unauthorized access to restricted resources. Access to the admin console is not required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21031", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38019", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38109", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21031" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21031", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21031" }, { "reference_url": "https://github.com/advisories/GHSA-4h3p-63x6-vwg2", "reference_id": "GHSA-4h3p-63x6-vwg2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4h3p-63x6-vwg2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79754?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1-p1" } ], "aliases": [ "CVE-2021-21031", "GHSA-4h3p-63x6-vwg2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1b6m-qfes-mqab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41444?format=api", "vulnerability_id": "VCID-1k4q-2ttb-13hd", "summary": "Information Exposure\nMagento is vulnerable to an Information Disclosure vulnerability when uploading a modified png file to a product image. Successful exploitation could lead to the disclosure of document root path by an unauthenticated attacker. Access to the admin console is required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28566", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.73061", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.73099", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28566" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-30.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-30.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28566", "reference_id": "CVE-2021-28566", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28566" }, { "reference_url": "https://github.com/advisories/GHSA-w942-fw92-mqm2", "reference_id": "GHSA-w942-fw92-mqm2", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w942-fw92-mqm2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58956?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66998?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3" } ], "aliases": [ "CVE-2021-28566", "GHSA-w942-fw92-mqm2" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1k4q-2ttb-13hd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112057?format=api", "vulnerability_id": "VCID-6wdt-8fbe-hkbe", "summary": "Magento Improper Authorization vulnerability in the customers module\nMagento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Improper Authorization vulnerability in the customers module. Successful exploitation could allow a low-privileged user to modify customer data. Access to the admin console is required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28567", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27852", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27786", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28567" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-30.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-30.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28567", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28567" }, { "reference_url": "https://github.com/advisories/GHSA-cc3w-r3w8-hfh7", "reference_id": "GHSA-cc3w-r3w8-hfh7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cc3w-r3w8-hfh7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58956?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p1" } ], "aliases": [ "CVE-2021-28567", "GHSA-cc3w-r3w8-hfh7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6wdt-8fbe-hkbe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111051?format=api", "vulnerability_id": "VCID-8ape-agd1-s7hf", "summary": "Magento Improper Access Control\nMagento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an access control bypass vulnerability in the Login as Customer module. Successful exploitation could lead to unauthorized access to restricted resources.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21020", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29099", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29169", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21020" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21020", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21020" }, { "reference_url": "https://github.com/advisories/GHSA-2j6v-829g-885q", "reference_id": "GHSA-2j6v-829g-885q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2j6v-829g-885q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79754?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1-p1" } ], "aliases": [ "CVE-2021-21020", "GHSA-2j6v-829g-885q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8ape-agd1-s7hf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111197?format=api", "vulnerability_id": "VCID-apue-gaqy-n3cq", "summary": "Magento 2 Community Edition Incorrect Authorization\nMagento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect authorization vulnerability. A user can still access resources provisioned under their old role after an administrator removes the role or disables the user's account.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24401", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.52037", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.52097", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24401" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24401", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24401" }, { "reference_url": "https://github.com/advisories/GHSA-f2g3-3c6q-4478", "reference_id": "GHSA-f2g3-3c6q-4478", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f2g3-3c6q-4478" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78954?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1" } ], "aliases": [ "CVE-2020-24401", "GHSA-f2g3-3c6q-4478" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-apue-gaqy-n3cq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/109978?format=api", "vulnerability_id": "VCID-c4ms-3und-c7d1", "summary": "Magento Improper Access Control vulnerability\nAdobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in Privilege escalation. An attacker with a low privilege account could leverage this vulnerability to perform an account takeover for a victim. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34255", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00512", "scoring_system": "epss", "scoring_elements": "0.66834", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00512", "scoring_system": "epss", "scoring_elements": "0.66874", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34255" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523" }, { "reference_url": "https://github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa" }, { "reference_url": "https://github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb22-38.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:06:09Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb22-38.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34255", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34255" }, { "reference_url": "https://github.com/advisories/GHSA-x95x-f4g9-mm85", "reference_id": "GHSA-x95x-f4g9-mm85", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x95x-f4g9-mm85" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/144517?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-hd53-pxmk-ruap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/64404?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2h52-3pt6-dfcw" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3et4-3zad-1qfn" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-525q-afzj-tkcp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7ewa-w75h-qfdy" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s7e-adr6-h3dc" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-az2w-5xhy-5fe4" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b4jg-dj1a-9qd5" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-cgwk-hn4t-n7c1" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d2ab-j8bf-e7dx" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-dx43-89w9-a7dg" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzam-yuyg-qyd5" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hh8a-mgkk-3yb5" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j124-q39m-mkby" }, { "vulnerability": "VCID-j5vp-2jrx-ukf4" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jhd5-tqph-3ufu" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kxnm-y19k-mqg2" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-m83v-51cy-uqar" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-msac-ptqf-pyg1" }, { "vulnerability": "VCID-mtr5-suag-2bdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p222-28c1-vfhy" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qfw5-3tdu-x7g4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-r7nh-arcj-8fb3" }, { "vulnerability": "VCID-rbjk-3gcs-2qb5" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rf6p-ct86-5bgz" }, { "vulnerability": "VCID-ruru-fwmn-5kes" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-s5e2-d6n8-kkbr" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-upcj-z3c1-ubcf" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w3zd-fezc-nuhd" }, { "vulnerability": "VCID-wjfe-wh5k-1qft" }, { "vulnerability": "VCID-ws6y-k3tx-r3gb" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-x46d-a16g-nkg9" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4r1-yr69-uuf6" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yuvf-e7hk-kqf9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zt9b-9sjx-7qb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/64406?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2h52-3pt6-dfcw" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3et4-3zad-1qfn" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-525q-afzj-tkcp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7ewa-w75h-qfdy" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-7s7e-adr6-h3dc" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-az2w-5xhy-5fe4" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b4jg-dj1a-9qd5" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cgwk-hn4t-n7c1" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d2ab-j8bf-e7dx" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-dx43-89w9-a7dg" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzam-yuyg-qyd5" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hh8a-mgkk-3yb5" }, { "vulnerability": "VCID-j124-q39m-mkby" }, { "vulnerability": "VCID-j5vp-2jrx-ukf4" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jhd5-tqph-3ufu" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kxnm-y19k-mqg2" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-m83v-51cy-uqar" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-msac-ptqf-pyg1" }, { "vulnerability": "VCID-mtr5-suag-2bdj" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p222-28c1-vfhy" }, { "vulnerability": "VCID-qfw5-3tdu-x7g4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-r7nh-arcj-8fb3" }, { "vulnerability": "VCID-rbjk-3gcs-2qb5" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rf6p-ct86-5bgz" }, { "vulnerability": "VCID-ruru-fwmn-5kes" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-s5e2-d6n8-kkbr" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-upcj-z3c1-ubcf" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w3zd-fezc-nuhd" }, { "vulnerability": "VCID-wjfe-wh5k-1qft" }, { "vulnerability": "VCID-ws6y-k3tx-r3gb" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-x46d-a16g-nkg9" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4r1-yr69-uuf6" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yuvf-e7hk-kqf9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zt9b-9sjx-7qb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5" } ], "aliases": [ "CVE-2022-34255", "GHSA-x95x-f4g9-mm85" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c4ms-3und-c7d1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111467?format=api", "vulnerability_id": "VCID-c4mx-9727-nfgs", "summary": "Magento stored cross-site scripting (XSS) in the customer address upload feature\nMagento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a stored cross-site scripting (XSS) in the customer address upload feature. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Exploitation of this issue requires user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21030", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06281", "scoring_system": "epss", "scoring_elements": "0.9109", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06281", "scoring_system": "epss", "scoring_elements": "0.91103", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21030" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21030", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21030" }, { "reference_url": "https://github.com/advisories/GHSA-6988-g89m-27vf", "reference_id": "GHSA-6988-g89m-27vf", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6988-g89m-27vf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79754?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1-p1" } ], "aliases": [ "CVE-2021-21030", "GHSA-6988-g89m-27vf" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c4mx-9727-nfgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111502?format=api", "vulnerability_id": "VCID-cae3-fgn1-83hu", "summary": "Magento incorrect permissions vulnerability in the Integrations component\nMagento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability in the Integrations component. This vulnerability could be abused by authenticated users with permissions to the Resource Access API to delete customer details via the REST API without authorization.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24402", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40758", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40836", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24402" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24402", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24402" }, { "reference_url": "https://github.com/advisories/GHSA-hvf5-4jr9-fghh", "reference_id": "GHSA-hvf5-4jr9-fghh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hvf5-4jr9-fghh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78954?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1" } ], "aliases": [ "CVE-2020-24402", "GHSA-hvf5-4jr9-fghh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cae3-fgn1-83hu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/108762?format=api", "vulnerability_id": "VCID-dpm5-tmsy-2bez", "summary": "Magento Improper input validation vulnerability\nAdobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42344", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.39758", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.39844", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42344" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb22-38.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb22-38.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42344", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42344" }, { "reference_url": "https://github.com/advisories/GHSA-297f-r9w7-w492", "reference_id": "GHSA-297f-r9w7-w492", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-297f-r9w7-w492" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/144517?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-hd53-pxmk-ruap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/66998?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-y93w-2qcc-wqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/64406?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2h52-3pt6-dfcw" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3et4-3zad-1qfn" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-525q-afzj-tkcp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7ewa-w75h-qfdy" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-7s7e-adr6-h3dc" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-az2w-5xhy-5fe4" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b4jg-dj1a-9qd5" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cgwk-hn4t-n7c1" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d2ab-j8bf-e7dx" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-dx43-89w9-a7dg" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzam-yuyg-qyd5" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hh8a-mgkk-3yb5" }, { "vulnerability": "VCID-j124-q39m-mkby" }, { "vulnerability": "VCID-j5vp-2jrx-ukf4" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jhd5-tqph-3ufu" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kxnm-y19k-mqg2" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-m83v-51cy-uqar" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-msac-ptqf-pyg1" }, { "vulnerability": "VCID-mtr5-suag-2bdj" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p222-28c1-vfhy" }, { "vulnerability": "VCID-qfw5-3tdu-x7g4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-r7nh-arcj-8fb3" }, { "vulnerability": "VCID-rbjk-3gcs-2qb5" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rf6p-ct86-5bgz" }, { "vulnerability": "VCID-ruru-fwmn-5kes" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-s5e2-d6n8-kkbr" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-upcj-z3c1-ubcf" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w3zd-fezc-nuhd" }, { "vulnerability": "VCID-wjfe-wh5k-1qft" }, { "vulnerability": "VCID-ws6y-k3tx-r3gb" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-x46d-a16g-nkg9" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4r1-yr69-uuf6" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yuvf-e7hk-kqf9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zt9b-9sjx-7qb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5" } ], "aliases": [ "CVE-2022-42344", "GHSA-297f-r9w7-w492" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dpm5-tmsy-2bez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53776?format=api", "vulnerability_id": "VCID-dqkx-knjf-47hh", "summary": "SQL Injection\nMagento This vulnerability could be exploited by an authenticated user with permissions to the product listing page to read data from the database.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24400", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49295", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49356", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24400" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24400", "reference_id": "CVE-2020-24400", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24400" }, { "reference_url": "https://github.com/advisories/GHSA-pf6w-3pfw-fxvw", "reference_id": "GHSA-pf6w-3pfw-fxvw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pf6w-3pfw-fxvw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78954?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1" } ], "aliases": [ "CVE-2020-24400", "GHSA-pf6w-3pfw-fxvw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dqkx-knjf-47hh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54064?format=api", "vulnerability_id": "VCID-e7k8-hmqe-wufh", "summary": "Magento is vulnerable to SQL Injection. Successful exploitation could lead to unauthorized access to restricted resources by an unauthenticated attacker. Access to the admin console is required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21024", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02071", "scoring_system": "epss", "scoring_elements": "0.84262", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02071", "scoring_system": "epss", "scoring_elements": "0.84285", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21024" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21024", "reference_id": "CVE-2021-21024", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21024" }, { "reference_url": "https://github.com/advisories/GHSA-rj4f-cp4v-hvcv", "reference_id": "GHSA-rj4f-cp4v-hvcv", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rj4f-cp4v-hvcv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79754?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1-p1" } ], "aliases": [ "CVE-2021-21024", "GHSA-rj4f-cp4v-hvcv" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e7k8-hmqe-wufh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112485?format=api", "vulnerability_id": "VCID-ed87-d3y2-wfck", "summary": "Magento improper authorization vulnerability in the integrations module\nMagento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by an improper authorization vulnerability in the integrations module. Successful exploitation could lead to unauthorized access to restricted resources by an unauthenticated attacker. Access to the admin console is required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21026", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.72008", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71969", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21026" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/a2eb7e29ea92a8bbc86c3b6b81b59d8533088497", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a2eb7e29ea92a8bbc86c3b6b81b59d8533088497" }, { "reference_url": "https://github.com/magento/magento2/commit/a349e022c9ae070e7da262021f9ef182105aa00b", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a349e022c9ae070e7da262021f9ef182105aa00b" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21026", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21026" }, { "reference_url": "https://github.com/advisories/GHSA-crjc-2v9m-8w7r", "reference_id": "GHSA-crjc-2v9m-8w7r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-crjc-2v9m-8w7r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58955?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2" } ], "aliases": [ "CVE-2021-21026", "GHSA-crjc-2v9m-8w7r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ed87-d3y2-wfck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53715?format=api", "vulnerability_id": "VCID-fgqe-h7ey-33bd", "summary": "Cross-site Scripting\nThis vulnerability could be abused by an unauthenticated attacker to execute XSS attacks against other Magento users. This vulnerability requires a victim to browse to the uploaded file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24408", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.8022", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.80244", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24408" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24408", "reference_id": "CVE-2020-24408", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24408" }, { "reference_url": "https://github.com/advisories/GHSA-jxjc-6xmh-h7mg", "reference_id": "GHSA-jxjc-6xmh-h7mg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jxjc-6xmh-h7mg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78954?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1" } ], "aliases": [ "CVE-2020-24408", "GHSA-jxjc-6xmh-h7mg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fgqe-h7ey-33bd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111006?format=api", "vulnerability_id": "VCID-gyj5-abau-uyf6", "summary": "Magento stored cross-site scripting vulnerability in the admin console\nMagento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a stored cross-site scripting vulnerability in the admin console. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Access to the admin console is required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21023", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03783", "scoring_system": "epss", "scoring_elements": "0.88271", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03783", "scoring_system": "epss", "scoring_elements": "0.8829", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21023" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21023", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21023" }, { "reference_url": "https://github.com/advisories/GHSA-h5rm-m772-6qcx", "reference_id": "GHSA-h5rm-m772-6qcx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h5rm-m772-6qcx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79754?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1-p1" } ], "aliases": [ "CVE-2021-21023", "GHSA-h5rm-m772-6qcx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gyj5-abau-uyf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53773?format=api", "vulnerability_id": "VCID-h4nn-2mrj-g3ds", "summary": "Improper Authorization\nMagento This vulnerability could be abused by users with permissions to the Pages resource to delete cms pages via the REST API without authorization.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24404", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50929", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50991", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24404" }, { "reference_url": "https://devdocs.magento.com/guides/v2.3/release-notes/open-source-2-3-6.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://devdocs.magento.com/guides/v2.3/release-notes/open-source-2-3-6.html" }, { "reference_url": "https://experienceleague.adobe.com/docs/commerce-operations/release/notes/magento-open-source/2-4-1.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://experienceleague.adobe.com/docs/commerce-operations/release/notes/magento-open-source/2-4-1.html" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24404", "reference_id": "CVE-2020-24404", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24404" }, { "reference_url": "https://github.com/advisories/GHSA-rwf7-652f-76mv", "reference_id": "GHSA-rwf7-652f-76mv", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rwf7-652f-76mv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78954?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1" } ], "aliases": [ "CVE-2020-24404", "GHSA-rwf7-652f-76mv" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h4nn-2mrj-g3ds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54068?format=api", "vulnerability_id": "VCID-h64s-51sc-huga", "summary": "XPath Injection\nMagento is vulnerable to XML injection in the Widgets module. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21019", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04035", "scoring_system": "epss", "scoring_elements": "0.887", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04035", "scoring_system": "epss", "scoring_elements": "0.88716", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21019" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21019", "reference_id": "CVE-2021-21019", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21019" }, { "reference_url": "https://github.com/advisories/GHSA-mw95-gmw4-883p", "reference_id": "GHSA-mw95-gmw4-883p", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mw95-gmw4-883p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79754?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1-p1" } ], "aliases": [ "CVE-2021-21019", "GHSA-mw95-gmw4-883p" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h64s-51sc-huga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/109930?format=api", "vulnerability_id": "VCID-hq7k-qz7g-4bc2", "summary": "Magento Path Traversal vulnerability\nAdobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could be abused by an attacker to inject malicious scripts into the vulnerable endpoint. A low privileged attacker could leverage this vulnerability to read local files and to perform Stored XSS. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34254", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00599", "scoring_system": "epss", "scoring_elements": "0.6986", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00599", "scoring_system": "epss", "scoring_elements": "0.6982", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34254" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523" }, { "reference_url": "https://github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa" }, { "reference_url": "https://github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb22-38.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:05:06Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb22-38.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34254", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34254" }, { "reference_url": "https://github.com/advisories/GHSA-fx9g-g9q6-x3jx", "reference_id": "GHSA-fx9g-g9q6-x3jx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fx9g-g9q6-x3jx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/144517?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-hd53-pxmk-ruap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/64404?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2h52-3pt6-dfcw" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3et4-3zad-1qfn" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-525q-afzj-tkcp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7ewa-w75h-qfdy" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s7e-adr6-h3dc" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-az2w-5xhy-5fe4" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b4jg-dj1a-9qd5" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-cgwk-hn4t-n7c1" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d2ab-j8bf-e7dx" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-dx43-89w9-a7dg" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzam-yuyg-qyd5" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hh8a-mgkk-3yb5" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j124-q39m-mkby" }, { "vulnerability": "VCID-j5vp-2jrx-ukf4" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jhd5-tqph-3ufu" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kxnm-y19k-mqg2" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-m83v-51cy-uqar" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-msac-ptqf-pyg1" }, { "vulnerability": "VCID-mtr5-suag-2bdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p222-28c1-vfhy" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qfw5-3tdu-x7g4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-r7nh-arcj-8fb3" }, { "vulnerability": "VCID-rbjk-3gcs-2qb5" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rf6p-ct86-5bgz" }, { "vulnerability": "VCID-ruru-fwmn-5kes" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-s5e2-d6n8-kkbr" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-upcj-z3c1-ubcf" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w3zd-fezc-nuhd" }, { "vulnerability": "VCID-wjfe-wh5k-1qft" }, { "vulnerability": "VCID-ws6y-k3tx-r3gb" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-x46d-a16g-nkg9" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4r1-yr69-uuf6" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yuvf-e7hk-kqf9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zt9b-9sjx-7qb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/64406?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2h52-3pt6-dfcw" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3et4-3zad-1qfn" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-525q-afzj-tkcp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7ewa-w75h-qfdy" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-7s7e-adr6-h3dc" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-az2w-5xhy-5fe4" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b4jg-dj1a-9qd5" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cgwk-hn4t-n7c1" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d2ab-j8bf-e7dx" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-dx43-89w9-a7dg" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzam-yuyg-qyd5" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hh8a-mgkk-3yb5" }, { "vulnerability": "VCID-j124-q39m-mkby" }, { "vulnerability": "VCID-j5vp-2jrx-ukf4" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jhd5-tqph-3ufu" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kxnm-y19k-mqg2" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-m83v-51cy-uqar" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-msac-ptqf-pyg1" }, { "vulnerability": "VCID-mtr5-suag-2bdj" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p222-28c1-vfhy" }, { "vulnerability": "VCID-qfw5-3tdu-x7g4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-r7nh-arcj-8fb3" }, { "vulnerability": "VCID-rbjk-3gcs-2qb5" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rf6p-ct86-5bgz" }, { "vulnerability": "VCID-ruru-fwmn-5kes" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-s5e2-d6n8-kkbr" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-upcj-z3c1-ubcf" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w3zd-fezc-nuhd" }, { "vulnerability": "VCID-wjfe-wh5k-1qft" }, { "vulnerability": "VCID-ws6y-k3tx-r3gb" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-x46d-a16g-nkg9" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4r1-yr69-uuf6" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yuvf-e7hk-kqf9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zt9b-9sjx-7qb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5" } ], "aliases": [ "CVE-2022-34254", "GHSA-fx9g-g9q6-x3jx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hq7k-qz7g-4bc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54067?format=api", "vulnerability_id": "VCID-hufp-fajk-n7gu", "summary": "OS Command Injection\nMagento is vulnerable to OS command injection via the scheduled operation module. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21018", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06906", "scoring_system": "epss", "scoring_elements": "0.9155", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06906", "scoring_system": "epss", "scoring_elements": "0.91563", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21018" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21018", "reference_id": "CVE-2021-21018", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21018" }, { "reference_url": "https://github.com/advisories/GHSA-rv48-v862-mp92", "reference_id": "GHSA-rv48-v862-mp92", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rv48-v862-mp92" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79754?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1-p1" } ], "aliases": [ "CVE-2021-21018", "GHSA-rv48-v862-mp92" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hufp-fajk-n7gu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111185?format=api", "vulnerability_id": "VCID-j77a-cqsd-wuf1", "summary": "Magento Insufficient Session Expiration\nMagento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) do not adequately invalidate user sessions. Successful exploitation of this issue could lead to unauthorized access to restricted resources. Access to the admin console is not required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21032", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38019", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38109", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21032" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21032", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21032" }, { "reference_url": "https://github.com/advisories/GHSA-4jfq-f8hc-775q", "reference_id": "GHSA-4jfq-f8hc-775q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4jfq-f8hc-775q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79754?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1-p1" } ], "aliases": [ "CVE-2021-21032", "GHSA-4jfq-f8hc-775q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j77a-cqsd-wuf1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112095?format=api", "vulnerability_id": "VCID-jmhs-9u49-ekbj", "summary": "Magento Insecure Direct Object Reference (IDOR) in the product module\nMagento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object reference (IDOR) in the product module. Successful exploitation could lead to unauthorized access to restricted resources.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21022", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.35755", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.35851", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21022" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21022", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21022" }, { "reference_url": "https://github.com/advisories/GHSA-8pfq-g48p-x7w8", "reference_id": "GHSA-8pfq-g48p-x7w8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8pfq-g48p-x7w8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79754?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1-p1" } ], "aliases": [ "CVE-2021-21022", "GHSA-8pfq-g48p-x7w8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jmhs-9u49-ekbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110012?format=api", "vulnerability_id": "VCID-kyvw-d4e8-1fd4", "summary": "Magento XML Injection vulnerability in the Widgets Module\nAdobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34253", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.37194", "scoring_system": "epss", "scoring_elements": "0.97252", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.37194", "scoring_system": "epss", "scoring_elements": "0.97256", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34253" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523" }, { "reference_url": "https://github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa" }, { "reference_url": "https://github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb22-38.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:06:06Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb22-38.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34253", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34253" }, { "reference_url": "https://github.com/advisories/GHSA-cj7w-pm77-hvg6", "reference_id": "GHSA-cj7w-pm77-hvg6", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cj7w-pm77-hvg6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/144517?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-hd53-pxmk-ruap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/64404?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2h52-3pt6-dfcw" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3et4-3zad-1qfn" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-525q-afzj-tkcp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7ewa-w75h-qfdy" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s7e-adr6-h3dc" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-az2w-5xhy-5fe4" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b4jg-dj1a-9qd5" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-cgwk-hn4t-n7c1" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d2ab-j8bf-e7dx" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-dx43-89w9-a7dg" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzam-yuyg-qyd5" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hh8a-mgkk-3yb5" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j124-q39m-mkby" }, { "vulnerability": "VCID-j5vp-2jrx-ukf4" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jhd5-tqph-3ufu" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kxnm-y19k-mqg2" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-m83v-51cy-uqar" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-msac-ptqf-pyg1" }, { "vulnerability": "VCID-mtr5-suag-2bdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p222-28c1-vfhy" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qfw5-3tdu-x7g4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-r7nh-arcj-8fb3" }, { "vulnerability": "VCID-rbjk-3gcs-2qb5" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rf6p-ct86-5bgz" }, { "vulnerability": "VCID-ruru-fwmn-5kes" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-s5e2-d6n8-kkbr" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-upcj-z3c1-ubcf" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w3zd-fezc-nuhd" }, { "vulnerability": "VCID-wjfe-wh5k-1qft" }, { "vulnerability": "VCID-ws6y-k3tx-r3gb" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-x46d-a16g-nkg9" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4r1-yr69-uuf6" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yuvf-e7hk-kqf9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zt9b-9sjx-7qb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/64406?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2h52-3pt6-dfcw" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3et4-3zad-1qfn" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-525q-afzj-tkcp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7ewa-w75h-qfdy" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-7s7e-adr6-h3dc" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-az2w-5xhy-5fe4" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b4jg-dj1a-9qd5" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cgwk-hn4t-n7c1" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d2ab-j8bf-e7dx" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-dx43-89w9-a7dg" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzam-yuyg-qyd5" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hh8a-mgkk-3yb5" }, { "vulnerability": "VCID-j124-q39m-mkby" }, { "vulnerability": "VCID-j5vp-2jrx-ukf4" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jhd5-tqph-3ufu" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kxnm-y19k-mqg2" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-m83v-51cy-uqar" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-msac-ptqf-pyg1" }, { "vulnerability": "VCID-mtr5-suag-2bdj" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p222-28c1-vfhy" }, { "vulnerability": "VCID-qfw5-3tdu-x7g4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-r7nh-arcj-8fb3" }, { "vulnerability": "VCID-rbjk-3gcs-2qb5" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rf6p-ct86-5bgz" }, { "vulnerability": "VCID-ruru-fwmn-5kes" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-s5e2-d6n8-kkbr" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-upcj-z3c1-ubcf" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w3zd-fezc-nuhd" }, { "vulnerability": "VCID-wjfe-wh5k-1qft" }, { "vulnerability": "VCID-ws6y-k3tx-r3gb" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-x46d-a16g-nkg9" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4r1-yr69-uuf6" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yuvf-e7hk-kqf9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zt9b-9sjx-7qb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5" } ], "aliases": [ "CVE-2022-34253", "GHSA-cj7w-pm77-hvg6" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kyvw-d4e8-1fd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111534?format=api", "vulnerability_id": "VCID-mtes-xpe5-qkdj", "summary": "Magento 2 Community Edition RCE via Unsafe File Upload\nMagento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. This vulnerability could be abused by authenticated users with administrative permissions to the System/Data and Transfer/Import components.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24407", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03057", "scoring_system": "epss", "scoring_elements": "0.86957", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03057", "scoring_system": "epss", "scoring_elements": "0.86979", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24407" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24407", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24407" }, { "reference_url": "https://github.com/advisories/GHSA-7pxg-6p87-8c9v", "reference_id": "GHSA-7pxg-6p87-8c9v", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7pxg-6p87-8c9v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78954?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1" } ], "aliases": [ "CVE-2020-24407", "GHSA-7pxg-6p87-8c9v" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mtes-xpe5-qkdj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110022?format=api", "vulnerability_id": "VCID-mzsj-dck5-pqc5", "summary": "Magento stored Cross-Site Scripting (XSS) vulnerability\nAdobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker with admin privileges to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34258", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.16184", "scoring_system": "epss", "scoring_elements": "0.94937", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.16184", "scoring_system": "epss", "scoring_elements": "0.94929", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34258" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523" }, { "reference_url": "https://github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa" }, { "reference_url": "https://github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb22-38.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:05:10Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb22-38.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34258", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34258" }, { "reference_url": "https://github.com/advisories/GHSA-5m55-g8pv-x8ww", "reference_id": "GHSA-5m55-g8pv-x8ww", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5m55-g8pv-x8ww" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/144517?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-hd53-pxmk-ruap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/64404?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2h52-3pt6-dfcw" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3et4-3zad-1qfn" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-525q-afzj-tkcp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7ewa-w75h-qfdy" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s7e-adr6-h3dc" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-az2w-5xhy-5fe4" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b4jg-dj1a-9qd5" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-cgwk-hn4t-n7c1" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d2ab-j8bf-e7dx" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-dx43-89w9-a7dg" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzam-yuyg-qyd5" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hh8a-mgkk-3yb5" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j124-q39m-mkby" }, { "vulnerability": "VCID-j5vp-2jrx-ukf4" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jhd5-tqph-3ufu" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kxnm-y19k-mqg2" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-m83v-51cy-uqar" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-msac-ptqf-pyg1" }, { "vulnerability": "VCID-mtr5-suag-2bdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p222-28c1-vfhy" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qfw5-3tdu-x7g4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-r7nh-arcj-8fb3" }, { "vulnerability": "VCID-rbjk-3gcs-2qb5" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rf6p-ct86-5bgz" }, { "vulnerability": "VCID-ruru-fwmn-5kes" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-s5e2-d6n8-kkbr" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-upcj-z3c1-ubcf" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w3zd-fezc-nuhd" }, { "vulnerability": "VCID-wjfe-wh5k-1qft" }, { "vulnerability": "VCID-ws6y-k3tx-r3gb" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-x46d-a16g-nkg9" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4r1-yr69-uuf6" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yuvf-e7hk-kqf9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zt9b-9sjx-7qb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/64406?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2h52-3pt6-dfcw" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3et4-3zad-1qfn" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-525q-afzj-tkcp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7ewa-w75h-qfdy" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-7s7e-adr6-h3dc" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-az2w-5xhy-5fe4" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b4jg-dj1a-9qd5" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cgwk-hn4t-n7c1" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d2ab-j8bf-e7dx" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-dx43-89w9-a7dg" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzam-yuyg-qyd5" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hh8a-mgkk-3yb5" }, { "vulnerability": "VCID-j124-q39m-mkby" }, { "vulnerability": "VCID-j5vp-2jrx-ukf4" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jhd5-tqph-3ufu" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kxnm-y19k-mqg2" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-m83v-51cy-uqar" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-msac-ptqf-pyg1" }, { "vulnerability": "VCID-mtr5-suag-2bdj" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p222-28c1-vfhy" }, { "vulnerability": "VCID-qfw5-3tdu-x7g4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-r7nh-arcj-8fb3" }, { "vulnerability": "VCID-rbjk-3gcs-2qb5" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rf6p-ct86-5bgz" }, { "vulnerability": "VCID-ruru-fwmn-5kes" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-s5e2-d6n8-kkbr" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-upcj-z3c1-ubcf" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w3zd-fezc-nuhd" }, { "vulnerability": "VCID-wjfe-wh5k-1qft" }, { "vulnerability": "VCID-ws6y-k3tx-r3gb" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-x46d-a16g-nkg9" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4r1-yr69-uuf6" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yuvf-e7hk-kqf9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zt9b-9sjx-7qb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5" } ], "aliases": [ "CVE-2022-34258", "GHSA-5m55-g8pv-x8ww" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mzsj-dck5-pqc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111283?format=api", "vulnerability_id": "VCID-nm39-k1su-yyep", "summary": "Magento vulnerable to a file upload restriction bypass\nMagento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a file upload restriction bypass. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21014", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.59284", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.59335", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21014" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/a2eb7e29ea92a8bbc86c3b6b81b59d8533088497", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a2eb7e29ea92a8bbc86c3b6b81b59d8533088497" }, { "reference_url": "https://github.com/magento/magento2/commit/a349e022c9ae070e7da262021f9ef182105aa00b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a349e022c9ae070e7da262021f9ef182105aa00b" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21014", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21014" }, { "reference_url": "https://github.com/advisories/GHSA-269w-pqc7-68q9", "reference_id": "GHSA-269w-pqc7-68q9", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-269w-pqc7-68q9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58955?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2" } ], "aliases": [ "CVE-2021-21014", "GHSA-269w-pqc7-68q9" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nm39-k1su-yyep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53774?format=api", "vulnerability_id": "VCID-px1s-dzpe-qbfx", "summary": "Path Traversal\nWhen in maintenance mode, Magento This information could be helpful to attackers if they are able to identify other exploitable vulnerabilities in the environment.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24406", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53026", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53086", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24406" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24406", "reference_id": "CVE-2020-24406", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24406" }, { "reference_url": "https://github.com/advisories/GHSA-mr8q-7f5j-wc79", "reference_id": "GHSA-mr8q-7f5j-wc79", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mr8q-7f5j-wc79" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78954?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1" } ], "aliases": [ "CVE-2020-24406", "GHSA-mr8q-7f5j-wc79" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-px1s-dzpe-qbfx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110030?format=api", "vulnerability_id": "VCID-pxxm-ce8x-abdq", "summary": "Magento Improper Access Control vulnerability\nAdobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34259", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46059", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46128", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34259" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523" }, { "reference_url": "https://github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa" }, { "reference_url": "https://github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb22-38.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:06:18Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb22-38.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34259", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34259" }, { "reference_url": "https://github.com/advisories/GHSA-9wjf-94h3-r4rh", "reference_id": "GHSA-9wjf-94h3-r4rh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9wjf-94h3-r4rh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/144517?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-hd53-pxmk-ruap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/64404?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2h52-3pt6-dfcw" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3et4-3zad-1qfn" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-525q-afzj-tkcp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7ewa-w75h-qfdy" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s7e-adr6-h3dc" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-az2w-5xhy-5fe4" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b4jg-dj1a-9qd5" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-cgwk-hn4t-n7c1" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d2ab-j8bf-e7dx" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-dx43-89w9-a7dg" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzam-yuyg-qyd5" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hh8a-mgkk-3yb5" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j124-q39m-mkby" }, { "vulnerability": "VCID-j5vp-2jrx-ukf4" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jhd5-tqph-3ufu" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kxnm-y19k-mqg2" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-m83v-51cy-uqar" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-msac-ptqf-pyg1" }, { "vulnerability": "VCID-mtr5-suag-2bdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p222-28c1-vfhy" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qfw5-3tdu-x7g4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-r7nh-arcj-8fb3" }, { "vulnerability": "VCID-rbjk-3gcs-2qb5" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rf6p-ct86-5bgz" }, { "vulnerability": "VCID-ruru-fwmn-5kes" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-s5e2-d6n8-kkbr" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-upcj-z3c1-ubcf" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w3zd-fezc-nuhd" }, { "vulnerability": "VCID-wjfe-wh5k-1qft" }, { "vulnerability": "VCID-ws6y-k3tx-r3gb" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-x46d-a16g-nkg9" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4r1-yr69-uuf6" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yuvf-e7hk-kqf9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zt9b-9sjx-7qb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/64406?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2h52-3pt6-dfcw" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3et4-3zad-1qfn" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-525q-afzj-tkcp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7ewa-w75h-qfdy" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-7s7e-adr6-h3dc" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-az2w-5xhy-5fe4" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b4jg-dj1a-9qd5" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cgwk-hn4t-n7c1" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d2ab-j8bf-e7dx" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-dx43-89w9-a7dg" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzam-yuyg-qyd5" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hh8a-mgkk-3yb5" }, { "vulnerability": "VCID-j124-q39m-mkby" }, { "vulnerability": "VCID-j5vp-2jrx-ukf4" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jhd5-tqph-3ufu" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kxnm-y19k-mqg2" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-m83v-51cy-uqar" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-msac-ptqf-pyg1" }, { "vulnerability": "VCID-mtr5-suag-2bdj" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p222-28c1-vfhy" }, { "vulnerability": "VCID-qfw5-3tdu-x7g4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-r7nh-arcj-8fb3" }, { "vulnerability": "VCID-rbjk-3gcs-2qb5" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rf6p-ct86-5bgz" }, { "vulnerability": "VCID-ruru-fwmn-5kes" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-s5e2-d6n8-kkbr" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-upcj-z3c1-ubcf" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w3zd-fezc-nuhd" }, { "vulnerability": "VCID-wjfe-wh5k-1qft" }, { "vulnerability": "VCID-ws6y-k3tx-r3gb" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-x46d-a16g-nkg9" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4r1-yr69-uuf6" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yuvf-e7hk-kqf9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zt9b-9sjx-7qb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5" } ], "aliases": [ "CVE-2022-34259", "GHSA-9wjf-94h3-r4rh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pxxm-ce8x-abdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111241?format=api", "vulnerability_id": "VCID-q4yr-fqww-tbb1", "summary": "Magento incorrect user permissions vulnerability within the Inventory component\nMagento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect user permissions vulnerability within the Inventory component. This vulnerability could be abused by authenticated users with Inventory and Source permissions to make unauthorized changes to inventory source data via the REST API.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24403", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40758", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40836", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24403" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24403", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24403" }, { "reference_url": "https://github.com/advisories/GHSA-39rw-4m66-82gf", "reference_id": "GHSA-39rw-4m66-82gf", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-39rw-4m66-82gf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78954?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1" } ], "aliases": [ "CVE-2020-24403", "GHSA-39rw-4m66-82gf" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q4yr-fqww-tbb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111382?format=api", "vulnerability_id": "VCID-qq42-4zzt-3kh2", "summary": "Magento XPath Injection\nMagento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the product layout updates. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21025", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04724", "scoring_system": "epss", "scoring_elements": "0.8958", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04724", "scoring_system": "epss", "scoring_elements": "0.89597", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21025" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21025", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21025" }, { "reference_url": "https://github.com/advisories/GHSA-h437-qjj9-vmq4", "reference_id": "GHSA-h437-qjj9-vmq4", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h437-qjj9-vmq4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79754?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1-p1" } ], "aliases": [ "CVE-2021-21025", "GHSA-h437-qjj9-vmq4" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qq42-4zzt-3kh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53775?format=api", "vulnerability_id": "VCID-qx68-8xvf-a7hy", "summary": "Improper Authorization\nMagento This vulnerability could be abused by authenticated users to modify inventory stock data without authorization.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24405", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24864", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.2496", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24405" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24405", "reference_id": "CVE-2020-24405", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24405" }, { "reference_url": "https://github.com/advisories/GHSA-p7m7-j8jv-393q", "reference_id": "GHSA-p7m7-j8jv-393q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p7m7-j8jv-393q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78954?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1" } ], "aliases": [ "CVE-2020-24405", "GHSA-p7m7-j8jv-393q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qx68-8xvf-a7hy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111360?format=api", "vulnerability_id": "VCID-sd6n-a9mk-aufb", "summary": "Magento DOM-based Cross-Site Scripting vulnerability on mage-messages cookies\nMagento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a DOM-based Cross-Site Scripting vulnerability on mage-messages cookies. Successful exploitation could lead to arbitrary JavaScript execution by an unauthenticated attacker. User interaction is required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28556", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.23863", "scoring_system": "epss", "scoring_elements": "0.96121", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.23863", "scoring_system": "epss", "scoring_elements": "0.96126", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28556" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-30.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-30.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28556", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28556" }, { "reference_url": "https://github.com/advisories/GHSA-39ch-rg26-gmq5", "reference_id": "GHSA-39ch-rg26-gmq5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-39ch-rg26-gmq5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58956?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p1" } ], "aliases": [ "CVE-2021-28556", "GHSA-39ch-rg26-gmq5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sd6n-a9mk-aufb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54061?format=api", "vulnerability_id": "VCID-spjd-9z79-jueh", "summary": "OS Command Injection\nMagento is vulnerable to an OS command injection via the customer attribute save controller. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21015", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04856", "scoring_system": "epss", "scoring_elements": "0.89727", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04856", "scoring_system": "epss", "scoring_elements": "0.89743", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21015" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/a2eb7e29ea92a8bbc86c3b6b81b59d8533088497", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a2eb7e29ea92a8bbc86c3b6b81b59d8533088497" }, { "reference_url": "https://github.com/magento/magento2/commit/a349e022c9ae070e7da262021f9ef182105aa00b", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a349e022c9ae070e7da262021f9ef182105aa00b" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21015", "reference_id": "CVE-2021-21015", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21015" }, { "reference_url": "https://github.com/advisories/GHSA-w2p4-2c8c-2g7h", "reference_id": "GHSA-w2p4-2c8c-2g7h", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w2p4-2c8c-2g7h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79754?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/58955?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2" } ], "aliases": [ "CVE-2021-21015", "GHSA-w2p4-2c8c-2g7h" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-spjd-9z79-jueh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111540?format=api", "vulnerability_id": "VCID-u2hc-27c2-1udc", "summary": "Magento Violation of Secure Design Principles vulnerability in RMA PDF filename formats\nMagento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Violation of Secure Design Principles vulnerability in RMA PDF filename formats. Successful exploitation could allow an attacker to get unauthorized access to restricted resources.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28583", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67609", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.6765", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28583" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-30.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-30.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28583", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28583" }, { "reference_url": "https://github.com/advisories/GHSA-7gh6-f4jh-3crq", "reference_id": "GHSA-7gh6-f4jh-3crq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7gh6-f4jh-3crq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58956?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p1" } ], "aliases": [ "CVE-2021-28583", "GHSA-7gh6-f4jh-3crq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u2hc-27c2-1udc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/109934?format=api", "vulnerability_id": "VCID-vcdk-gdky-7fdg", "summary": "Magento stored Cross-Site Scripting (XSS) vulnerability\nAdobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34257", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00769", "scoring_system": "epss", "scoring_elements": "0.7387", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00769", "scoring_system": "epss", "scoring_elements": "0.73906", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34257" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523" }, { "reference_url": "https://github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa" }, { "reference_url": "https://github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb22-38.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:05:02Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb22-38.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34257", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34257" }, { "reference_url": "https://github.com/advisories/GHSA-rg7p-wmgj-f374", "reference_id": "GHSA-rg7p-wmgj-f374", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rg7p-wmgj-f374" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/144517?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-hd53-pxmk-ruap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/64404?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2h52-3pt6-dfcw" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3et4-3zad-1qfn" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-525q-afzj-tkcp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7ewa-w75h-qfdy" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s7e-adr6-h3dc" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-az2w-5xhy-5fe4" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b4jg-dj1a-9qd5" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-cgwk-hn4t-n7c1" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d2ab-j8bf-e7dx" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-dx43-89w9-a7dg" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzam-yuyg-qyd5" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hh8a-mgkk-3yb5" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j124-q39m-mkby" }, { "vulnerability": "VCID-j5vp-2jrx-ukf4" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jhd5-tqph-3ufu" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kxnm-y19k-mqg2" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-m83v-51cy-uqar" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-msac-ptqf-pyg1" }, { "vulnerability": "VCID-mtr5-suag-2bdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p222-28c1-vfhy" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qfw5-3tdu-x7g4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-r7nh-arcj-8fb3" }, { "vulnerability": "VCID-rbjk-3gcs-2qb5" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rf6p-ct86-5bgz" }, { "vulnerability": "VCID-ruru-fwmn-5kes" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-s5e2-d6n8-kkbr" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-upcj-z3c1-ubcf" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w3zd-fezc-nuhd" }, { "vulnerability": "VCID-wjfe-wh5k-1qft" }, { "vulnerability": "VCID-ws6y-k3tx-r3gb" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-x46d-a16g-nkg9" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4r1-yr69-uuf6" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yuvf-e7hk-kqf9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zt9b-9sjx-7qb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/64406?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2h52-3pt6-dfcw" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3et4-3zad-1qfn" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-525q-afzj-tkcp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7ewa-w75h-qfdy" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-7s7e-adr6-h3dc" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-az2w-5xhy-5fe4" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b4jg-dj1a-9qd5" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cgwk-hn4t-n7c1" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d2ab-j8bf-e7dx" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-dx43-89w9-a7dg" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzam-yuyg-qyd5" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hh8a-mgkk-3yb5" }, { "vulnerability": "VCID-j124-q39m-mkby" }, { "vulnerability": "VCID-j5vp-2jrx-ukf4" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jhd5-tqph-3ufu" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kxnm-y19k-mqg2" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-m83v-51cy-uqar" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-msac-ptqf-pyg1" }, { "vulnerability": "VCID-mtr5-suag-2bdj" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p222-28c1-vfhy" }, { "vulnerability": "VCID-qfw5-3tdu-x7g4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-r7nh-arcj-8fb3" }, { "vulnerability": "VCID-rbjk-3gcs-2qb5" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rf6p-ct86-5bgz" }, { "vulnerability": "VCID-ruru-fwmn-5kes" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-s5e2-d6n8-kkbr" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-upcj-z3c1-ubcf" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w3zd-fezc-nuhd" }, { "vulnerability": "VCID-wjfe-wh5k-1qft" }, { "vulnerability": "VCID-ws6y-k3tx-r3gb" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-x46d-a16g-nkg9" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4r1-yr69-uuf6" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yuvf-e7hk-kqf9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zt9b-9sjx-7qb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5" } ], "aliases": [ "CVE-2022-34257", "GHSA-rg7p-wmgj-f374" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vcdk-gdky-7fdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111584?format=api", "vulnerability_id": "VCID-ve4u-d5rz-wyab", "summary": "Magento OS command injection via the WebAPI\nMagento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to OS command injection via the WebAPI. Successful exploitation could lead to remote code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21016", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04449", "scoring_system": "epss", "scoring_elements": "0.89248", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04449", "scoring_system": "epss", "scoring_elements": "0.89266", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21016" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/a2eb7e29ea92a8bbc86c3b6b81b59d8533088497", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a2eb7e29ea92a8bbc86c3b6b81b59d8533088497" }, { "reference_url": "https://github.com/magento/magento2/commit/a349e022c9ae070e7da262021f9ef182105aa00b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a349e022c9ae070e7da262021f9ef182105aa00b" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21016", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21016" }, { "reference_url": "https://github.com/advisories/GHSA-792f-c8mp-2cr5", "reference_id": "GHSA-792f-c8mp-2cr5", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-792f-c8mp-2cr5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58955?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2" } ], "aliases": [ "CVE-2021-21016", "GHSA-792f-c8mp-2cr5" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ve4u-d5rz-wyab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/109923?format=api", "vulnerability_id": "VCID-vp8y-y64r-wkc9", "summary": "Magento Improper Authorization vulnerability\nAdobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to access other user's data. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34256", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61564", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61612", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34256" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523" }, { "reference_url": "https://github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa" }, { "reference_url": "https://github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb22-38.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:06:22Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb22-38.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34256", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34256" }, { "reference_url": "https://github.com/advisories/GHSA-r7mm-grf3-5fjv", "reference_id": "GHSA-r7mm-grf3-5fjv", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r7mm-grf3-5fjv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/144517?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-hd53-pxmk-ruap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/64404?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2h52-3pt6-dfcw" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3et4-3zad-1qfn" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-525q-afzj-tkcp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7ewa-w75h-qfdy" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s7e-adr6-h3dc" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-az2w-5xhy-5fe4" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b4jg-dj1a-9qd5" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-cgwk-hn4t-n7c1" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d2ab-j8bf-e7dx" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-dx43-89w9-a7dg" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-fyh6-gupt-eqgm" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzam-yuyg-qyd5" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hh8a-mgkk-3yb5" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-j124-q39m-mkby" }, { "vulnerability": "VCID-j5vp-2jrx-ukf4" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jhd5-tqph-3ufu" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kxnm-y19k-mqg2" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-m83v-51cy-uqar" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-msac-ptqf-pyg1" }, { "vulnerability": "VCID-mtr5-suag-2bdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p222-28c1-vfhy" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-qfw5-3tdu-x7g4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-r7nh-arcj-8fb3" }, { "vulnerability": "VCID-rbjk-3gcs-2qb5" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rf6p-ct86-5bgz" }, { "vulnerability": "VCID-ruru-fwmn-5kes" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-s5e2-d6n8-kkbr" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-upcj-z3c1-ubcf" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w3zd-fezc-nuhd" }, { "vulnerability": "VCID-wjfe-wh5k-1qft" }, { "vulnerability": "VCID-ws6y-k3tx-r3gb" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-x46d-a16g-nkg9" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4r1-yr69-uuf6" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yuvf-e7hk-kqf9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zt9b-9sjx-7qb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/64406?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1jsp-392b-2fgb" }, { "vulnerability": "VCID-2h52-3pt6-dfcw" }, { "vulnerability": "VCID-2vsw-t8k2-4bfm" }, { "vulnerability": "VCID-3et4-3zad-1qfn" }, { "vulnerability": "VCID-3g5s-hryc-5qa9" }, { "vulnerability": "VCID-3zcy-b3th-ukhd" }, { "vulnerability": "VCID-4dae-vty8-b7hk" }, { "vulnerability": "VCID-525q-afzj-tkcp" }, { "vulnerability": "VCID-5gxr-xksz-5ydb" }, { "vulnerability": "VCID-5wfa-wpby-dke1" }, { "vulnerability": "VCID-6p6q-ctya-q3bv" }, { "vulnerability": "VCID-6t9w-cnkz-s3c3" }, { "vulnerability": "VCID-6tx4-wexr-fkbb" }, { "vulnerability": "VCID-7ewa-w75h-qfdy" }, { "vulnerability": "VCID-7hrm-jtbx-sqgm" }, { "vulnerability": "VCID-7pr7-uqp1-sugt" }, { "vulnerability": "VCID-7s3w-8dn6-jqh7" }, { "vulnerability": "VCID-7s74-rdkp-vyaf" }, { "vulnerability": "VCID-7s7e-adr6-h3dc" }, { "vulnerability": "VCID-8hx4-r8bb-n7ge" }, { "vulnerability": "VCID-8ky6-w2nk-9bds" }, { "vulnerability": "VCID-8msu-s38a-p7e3" }, { "vulnerability": "VCID-8shb-t5zp-rqbu" }, { "vulnerability": "VCID-9cc9-npdc-8bac" }, { "vulnerability": "VCID-9vrt-uccb-myev" }, { "vulnerability": "VCID-a8gs-ervm-e3hm" }, { "vulnerability": "VCID-a9b6-tenb-afdw" }, { "vulnerability": "VCID-agtm-nkhp-dkdn" }, { "vulnerability": "VCID-ayfe-5a7g-u7b7" }, { "vulnerability": "VCID-az2w-5xhy-5fe4" }, { "vulnerability": "VCID-b3cn-pjp3-4yhm" }, { "vulnerability": "VCID-b4jg-dj1a-9qd5" }, { "vulnerability": "VCID-b9ry-u6qy-j7cc" }, { "vulnerability": "VCID-bch8-kq49-skhm" }, { "vulnerability": "VCID-bera-73sm-bbh7" }, { "vulnerability": "VCID-bkpz-ratd-e7ab" }, { "vulnerability": "VCID-bzyh-c5tm-j7dn" }, { "vulnerability": "VCID-cc8x-6es1-8kc5" }, { "vulnerability": "VCID-ccx1-qacj-2qev" }, { "vulnerability": "VCID-cgwk-hn4t-n7c1" }, { "vulnerability": "VCID-cm2a-1yc5-v3cy" }, { "vulnerability": "VCID-cqjn-3z6n-sff1" }, { "vulnerability": "VCID-d2ab-j8bf-e7dx" }, { "vulnerability": "VCID-d6mk-hg8h-7qbc" }, { "vulnerability": "VCID-dpgz-dacm-sqg6" }, { "vulnerability": "VCID-du16-f2wp-t3cw" }, { "vulnerability": "VCID-dur2-pfke-h7hf" }, { "vulnerability": "VCID-dx43-89w9-a7dg" }, { "vulnerability": "VCID-e7zd-dn28-4bf1" }, { "vulnerability": "VCID-e9zx-zy9y-2fcp" }, { "vulnerability": "VCID-eahe-s41f-ckc1" }, { "vulnerability": "VCID-egy6-nku7-zyap" }, { "vulnerability": "VCID-evth-swm9-k3de" }, { "vulnerability": "VCID-eygc-ra9u-gyej" }, { "vulnerability": "VCID-fz5y-um7w-63f4" }, { "vulnerability": "VCID-fzam-yuyg-qyd5" }, { "vulnerability": "VCID-gedj-39p5-ubd6" }, { "vulnerability": "VCID-gxj9-a1hc-47de" }, { "vulnerability": "VCID-hbau-7tvg-cygz" }, { "vulnerability": "VCID-hd53-pxmk-ruap" }, { "vulnerability": "VCID-hfbb-ax6r-tbaz" }, { "vulnerability": "VCID-hh8a-mgkk-3yb5" }, { "vulnerability": "VCID-j124-q39m-mkby" }, { "vulnerability": "VCID-j5vp-2jrx-ukf4" }, { "vulnerability": "VCID-j6ss-8f4e-e7g2" }, { "vulnerability": "VCID-jhd5-tqph-3ufu" }, { "vulnerability": "VCID-kezx-5nw5-hfen" }, { "vulnerability": "VCID-kje4-asu6-dfg2" }, { "vulnerability": "VCID-kq4m-anrt-rugn" }, { "vulnerability": "VCID-kuzc-uv5b-v7an" }, { "vulnerability": "VCID-kxnm-y19k-mqg2" }, { "vulnerability": "VCID-m5z8-hz81-j7b7" }, { "vulnerability": "VCID-m83v-51cy-uqar" }, { "vulnerability": "VCID-md7v-w5aq-t7h1" }, { "vulnerability": "VCID-mhvf-2keh-2qar" }, { "vulnerability": "VCID-mjb6-7au8-5fdx" }, { "vulnerability": "VCID-msac-ptqf-pyg1" }, { "vulnerability": "VCID-mtr5-suag-2bdj" }, { "vulnerability": "VCID-ns8t-vtcn-aqh4" }, { "vulnerability": "VCID-p222-28c1-vfhy" }, { "vulnerability": "VCID-qfw5-3tdu-x7g4" }, { "vulnerability": "VCID-qgpx-hgzu-5qgp" }, { "vulnerability": "VCID-qj4x-u7gx-9uf1" }, { "vulnerability": "VCID-qp7s-amch-v3cd" }, { "vulnerability": "VCID-qzqd-271b-ybfj" }, { "vulnerability": "VCID-r4bw-w4t9-23ek" }, { "vulnerability": "VCID-r7nh-arcj-8fb3" }, { "vulnerability": "VCID-rbjk-3gcs-2qb5" }, { "vulnerability": "VCID-rduw-apr6-4fdu" }, { "vulnerability": "VCID-re84-qg3k-3ub3" }, { "vulnerability": "VCID-rf6p-ct86-5bgz" }, { "vulnerability": "VCID-ruru-fwmn-5kes" }, { "vulnerability": "VCID-rxac-w9pd-aqe1" }, { "vulnerability": "VCID-s4bp-kzfu-8qfy" }, { "vulnerability": "VCID-s5e2-d6n8-kkbr" }, { "vulnerability": "VCID-scg7-ugdn-53b9" }, { "vulnerability": "VCID-shfz-pxan-v3ar" }, { "vulnerability": "VCID-tc3m-4bkg-qkcf" }, { "vulnerability": "VCID-te3b-exz5-zke1" }, { "vulnerability": "VCID-tvz9-8s4d-gbg6" }, { "vulnerability": "VCID-txb3-ez5r-r7ek" }, { "vulnerability": "VCID-tzug-ckkn-dyft" }, { "vulnerability": "VCID-ugyc-gehq-rudu" }, { "vulnerability": "VCID-upcj-z3c1-ubcf" }, { "vulnerability": "VCID-vu36-a1g1-nugt" }, { "vulnerability": "VCID-vx13-4b1d-wbgp" }, { "vulnerability": "VCID-w3zd-fezc-nuhd" }, { "vulnerability": "VCID-wjfe-wh5k-1qft" }, { "vulnerability": "VCID-ws6y-k3tx-r3gb" }, { "vulnerability": "VCID-wvyx-2bbb-9yf7" }, { "vulnerability": "VCID-wzu6-rbsv-mkde" }, { "vulnerability": "VCID-x46d-a16g-nkg9" }, { "vulnerability": "VCID-xfvu-2zg4-ruf6" }, { "vulnerability": "VCID-xk5y-7a1w-zba9" }, { "vulnerability": "VCID-xsq8-ztqh-ubb8" }, { "vulnerability": "VCID-y1v3-9tyq-uqhd" }, { "vulnerability": "VCID-y4r1-yr69-uuf6" }, { "vulnerability": "VCID-y4u6-cy8y-hyae" }, { "vulnerability": "VCID-y7x4-664r-3fbk" }, { "vulnerability": "VCID-yuvf-e7hk-kqf9" }, { "vulnerability": "VCID-z2v2-n138-6ydv" }, { "vulnerability": "VCID-zdpz-8tc2-6kah" }, { "vulnerability": "VCID-zt9b-9sjx-7qb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5" } ], "aliases": [ "CVE-2022-34256", "GHSA-r7mm-grf3-5fjv" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vp8y-y64r-wkc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111309?format=api", "vulnerability_id": "VCID-w4uu-k7nk-a7hr", "summary": "Magento cross-site request forgery (CSRF) vulnerability via the GraphQL API\nMagento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a cross-site request forgery (CSRF) vulnerability via the GraphQL API. Successful exploitation could lead to unauthorized modification of customer metadata by an unauthenticated attacker. Access to the admin console is not required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21027", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.58918", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.58965", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21027" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/a2eb7e29ea92a8bbc86c3b6b81b59d8533088497", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a2eb7e29ea92a8bbc86c3b6b81b59d8533088497" }, { "reference_url": "https://github.com/magento/magento2/commit/a349e022c9ae070e7da262021f9ef182105aa00b", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a349e022c9ae070e7da262021f9ef182105aa00b" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21027", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21027" }, { "reference_url": "https://github.com/advisories/GHSA-h4xc-577p-hgj9", "reference_id": "GHSA-h4xc-577p-hgj9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h4xc-577p-hgj9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58955?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2" } ], "aliases": [ "CVE-2021-21027", "GHSA-h4xc-577p-hgj9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w4uu-k7nk-a7hr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111983?format=api", "vulnerability_id": "VCID-wbt5-q9qd-8kby", "summary": "Magento Path Traversal vulnerability\nMagento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Path Traversal vulnerability when creating a store with child theme.Successful exploitation could lead to arbitrary file system write by an authenticated attacker. Access to the admin console is required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28584", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00574", "scoring_system": "epss", "scoring_elements": "0.69125", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00574", "scoring_system": "epss", "scoring_elements": "0.69164", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28584" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-30.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-30.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28584", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28584" }, { "reference_url": "https://github.com/advisories/GHSA-7gpv-xrjr-f5h4", "reference_id": "GHSA-7gpv-xrjr-f5h4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7gpv-xrjr-f5h4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58956?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p1" } ], "aliases": [ "CVE-2021-28584", "GHSA-7gpv-xrjr-f5h4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wbt5-q9qd-8kby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112088?format=api", "vulnerability_id": "VCID-xbhh-m11c-gkeu", "summary": "Magento Improper input validation vulnerability\nMagento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by an Improper input validation vulnerability in the New customer WebAPI.Successful exploitation could allow an attacker to send unsolicited spam e-mails.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28585", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57907", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.5796", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28585" }, { "reference_url": "https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-30.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-30.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28585", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28585" }, { "reference_url": "https://github.com/advisories/GHSA-c38m-9668-6j2w", "reference_id": "GHSA-c38m-9668-6j2w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c38m-9668-6j2w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58956?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p1" } ], "aliases": [ "CVE-2021-28585", "GHSA-c38m-9668-6j2w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xbhh-m11c-gkeu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54681?format=api", "vulnerability_id": "VCID-yvcy-4e8m-p3b8", "summary": "Improper Authorization\nAn authorization flaw was found in Magento. Successful exploitation could lead to unauthorized modification of customer data by an unauthenticated attacker. Access to the admin console is required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28563", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49348", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49287", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28563" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695" }, { "reference_url": "https://github.com/magento/magento2/commit/ed952726c94e401e922e88490e41a536f2d850e7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/ed952726c94e401e922e88490e41a536f2d850e7" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-30.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-30.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28563", "reference_id": "CVE-2021-28563", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28563" }, { "reference_url": "https://github.com/advisories/GHSA-q9xx-4689-gvv5", "reference_id": "GHSA-q9xx-4689-gvv5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q9xx-4689-gvv5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58956?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p1" } ], "aliases": [ "CVE-2021-28563", "GHSA-q9xx-4689-gvv5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yvcy-4e8m-p3b8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42472?format=api", "vulnerability_id": "VCID-zkkk-5q62-ubca", "summary": "Magento improper input validation vulnerability\nAdobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24086", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93696", "scoring_system": "epss", "scoring_elements": "0.99857", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24086" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb22-12.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-02-27T18:35:53Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb22-12.html" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-24086", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-24086" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24086", "reference_id": "CVE-2022-24086", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24086" }, { "reference_url": "https://github.com/advisories/GHSA-f8fv-f786-9933", "reference_id": "GHSA-f8fv-f786-9933", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f8fv-f786-9933" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60734?format=api", "purl": "pkg:composer/magento/community-edition@2.4.3-p2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.3-p2" } ], "aliases": [ "CVE-2022-24086", "GHSA-f8fv-f786-9933" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zkkk-5q62-ubca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54062?format=api", "vulnerability_id": "VCID-zubf-dqv7-xkf3", "summary": "Cross-site Scripting\nMagento is vulnerable to Cross-Site Scripting in the admin console. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Access to the admin console is required for successful exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21029", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.43501", "scoring_system": "epss", "scoring_elements": "0.97581", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.43501", "scoring_system": "epss", "scoring_elements": "0.97586", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21029" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/a2eb7e29ea92a8bbc86c3b6b81b59d8533088497", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a2eb7e29ea92a8bbc86c3b6b81b59d8533088497" }, { "reference_url": "https://github.com/magento/magento2/commit/a349e022c9ae070e7da262021f9ef182105aa00b", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a349e022c9ae070e7da262021f9ef182105aa00b" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21029", "reference_id": "CVE-2021-21029", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21029" }, { "reference_url": "https://github.com/advisories/GHSA-jwxh-wj79-ccm6", "reference_id": "GHSA-jwxh-wj79-ccm6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jwxh-wj79-ccm6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79754?format=api", "purl": "pkg:composer/magento/community-edition@2.4.1-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.1-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/58955?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-2g87-y8ek-xfdr" }, { "vulnerability": "VCID-2ttz-k7d2-jucf" }, { "vulnerability": "VCID-36ve-7wxt-z7fz" }, { "vulnerability": "VCID-4cbe-djqs-tug1" }, { "vulnerability": "VCID-4w1v-es9j-subp" }, { "vulnerability": "VCID-69wt-c418-mubr" }, { "vulnerability": "VCID-6mjf-p1d9-8qa1" }, { "vulnerability": "VCID-8u5e-d6nx-3khc" }, { "vulnerability": "VCID-b5hn-f1qk-z7cu" }, { "vulnerability": "VCID-c1ta-jffg-cfg9" }, { "vulnerability": "VCID-cfjt-51xj-qqdw" }, { "vulnerability": "VCID-er49-k3tc-ufcu" }, { "vulnerability": "VCID-fz6y-fece-skgr" }, { "vulnerability": "VCID-gxnx-f2qh-3yf9" }, { "vulnerability": "VCID-hspp-kw5e-akbr" }, { "vulnerability": "VCID-kgws-xvjr-g7bv" }, { "vulnerability": "VCID-kv6x-nz1s-uuar" }, { "vulnerability": "VCID-n5mn-3a8f-nbdb" }, { "vulnerability": "VCID-nn21-hf8r-ykfd" }, { "vulnerability": "VCID-p1py-xewy-7khn" }, { "vulnerability": "VCID-p9qx-66yy-1kc1" }, { "vulnerability": "VCID-pm85-dfg2-euep" }, { "vulnerability": "VCID-rgnq-s54v-vkdm" }, { "vulnerability": "VCID-w42y-yc7r-kqhp" }, { "vulnerability": "VCID-wh14-k3ex-pubq" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-ze8y-4wfs-hbf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2" } ], "aliases": [ "CVE-2021-21029", "GHSA-jwxh-wj79-ccm6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zubf-dqv7-xkf3" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52901?format=api", "vulnerability_id": "VCID-87ka-etbj-pfen", "summary": "Cross-Site Request Forgery (CSRF)\nOpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It is patched in versions 19.4.6 and 20.0.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15151", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25169", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25265", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15151" }, { "reference_url": "https://github.com/OpenMage/magento-lts", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/OpenMage/magento-lts" }, { "reference_url": "https://github.com/OpenMage/magento-lts/commit/7c526bc6a6a51b57a1bab4c60f104dc36cde347a", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/OpenMage/magento-lts/commit/7c526bc6a6a51b57a1bab4c60f104dc36cde347a" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15151", "reference_id": "CVE-2020-15151", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15151" }, { "reference_url": "https://github.com/advisories/GHSA-crf2-xm6x-46p6", "reference_id": "GHSA-crf2-xm6x-46p6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-crf2-xm6x-46p6" }, { "reference_url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-crf2-xm6x-46p6", "reference_id": "GHSA-crf2-xm6x-46p6", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-crf2-xm6x-46p6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77892?format=api", "purl": "pkg:composer/magento/community-edition@2.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/60732?format=api", "purl": "pkg:composer/magento/community-edition@2.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-dqkx-knjf-47hh" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h4nn-2mrj-g3ds" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jmhs-9u49-ekbj" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-px1s-dzpe-qbfx" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qq42-4zzt-3kh2" }, { "vulnerability": "VCID-qx68-8xvf-a7hy" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-zkkk-5q62-ubca" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.0" } ], "aliases": [ "CVE-2020-15151", "GHSA-crf2-xm6x-46p6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-87ka-etbj-pfen" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52847?format=api", "vulnerability_id": "VCID-a5rz-y1hu-ubc6", "summary": "Information Exposure Through Discrepancy\nMagento has an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9690", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.6491", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.64953", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9690" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/9436781734e47c83e96977fa770d255217680d5e", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/9436781734e47c83e96977fa770d255217680d5e" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9690", "reference_id": "CVE-2020-9690", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9690" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77753?format=api", "purl": "pkg:composer/magento/community-edition@2.3.5-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-87ka-etbj-pfen" }, { "vulnerability": "VCID-dqkx-knjf-47hh" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-h4nn-2mrj-g3ds" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-px1s-dzpe-qbfx" }, { "vulnerability": "VCID-qx68-8xvf-a7hy" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.5-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/60732?format=api", "purl": "pkg:composer/magento/community-edition@2.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-dqkx-knjf-47hh" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h4nn-2mrj-g3ds" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jmhs-9u49-ekbj" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-px1s-dzpe-qbfx" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qq42-4zzt-3kh2" }, { "vulnerability": "VCID-qx68-8xvf-a7hy" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-zkkk-5q62-ubca" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.0" } ], "aliases": [ "CVE-2020-9690", "GHSA-xgp9-j48h-jjf9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a5rz-y1hu-ubc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52844?format=api", "vulnerability_id": "VCID-tuw6-hdbp-yqb2", "summary": "Incorrect Authorization\nMagento has a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9692", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01607", "scoring_system": "epss", "scoring_elements": "0.82113", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01607", "scoring_system": "epss", "scoring_elements": "0.82083", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9692" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/9436781734e47c83e96977fa770d255217680d5e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/9436781734e47c83e96977fa770d255217680d5e" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9692", "reference_id": "CVE-2020-9692", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9692" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77753?format=api", "purl": "pkg:composer/magento/community-edition@2.3.5-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-87ka-etbj-pfen" }, { "vulnerability": "VCID-dqkx-knjf-47hh" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-h4nn-2mrj-g3ds" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-px1s-dzpe-qbfx" }, { "vulnerability": "VCID-qx68-8xvf-a7hy" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.5-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/60732?format=api", "purl": "pkg:composer/magento/community-edition@2.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1b6m-qfes-mqab" }, { "vulnerability": "VCID-1k4q-2ttb-13hd" }, { "vulnerability": "VCID-6wdt-8fbe-hkbe" }, { "vulnerability": "VCID-8ape-agd1-s7hf" }, { "vulnerability": "VCID-apue-gaqy-n3cq" }, { "vulnerability": "VCID-c4ms-3und-c7d1" }, { "vulnerability": "VCID-c4mx-9727-nfgs" }, { "vulnerability": "VCID-cae3-fgn1-83hu" }, { "vulnerability": "VCID-dpm5-tmsy-2bez" }, { "vulnerability": "VCID-dqkx-knjf-47hh" }, { "vulnerability": "VCID-e7k8-hmqe-wufh" }, { "vulnerability": "VCID-ed87-d3y2-wfck" }, { "vulnerability": "VCID-fgqe-h7ey-33bd" }, { "vulnerability": "VCID-gyj5-abau-uyf6" }, { "vulnerability": "VCID-h4nn-2mrj-g3ds" }, { "vulnerability": "VCID-h64s-51sc-huga" }, { "vulnerability": "VCID-hq7k-qz7g-4bc2" }, { "vulnerability": "VCID-hufp-fajk-n7gu" }, { "vulnerability": "VCID-j77a-cqsd-wuf1" }, { "vulnerability": "VCID-jmhs-9u49-ekbj" }, { "vulnerability": "VCID-kyvw-d4e8-1fd4" }, { "vulnerability": "VCID-mtes-xpe5-qkdj" }, { "vulnerability": "VCID-mzsj-dck5-pqc5" }, { "vulnerability": "VCID-nm39-k1su-yyep" }, { "vulnerability": "VCID-px1s-dzpe-qbfx" }, { "vulnerability": "VCID-pxxm-ce8x-abdq" }, { "vulnerability": "VCID-q4yr-fqww-tbb1" }, { "vulnerability": "VCID-qq42-4zzt-3kh2" }, { "vulnerability": "VCID-qx68-8xvf-a7hy" }, { "vulnerability": "VCID-sd6n-a9mk-aufb" }, { "vulnerability": "VCID-spjd-9z79-jueh" }, { "vulnerability": "VCID-u2hc-27c2-1udc" }, { "vulnerability": "VCID-vcdk-gdky-7fdg" }, { "vulnerability": "VCID-ve4u-d5rz-wyab" }, { "vulnerability": "VCID-vp8y-y64r-wkc9" }, { "vulnerability": "VCID-w4uu-k7nk-a7hr" }, { "vulnerability": "VCID-wbt5-q9qd-8kby" }, { "vulnerability": "VCID-xbhh-m11c-gkeu" }, { "vulnerability": "VCID-yvcy-4e8m-p3b8" }, { "vulnerability": "VCID-zkkk-5q62-ubca" }, { "vulnerability": "VCID-zubf-dqv7-xkf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.0" } ], "aliases": [ "CVE-2020-9692", "GHSA-vqg7-8v6x-54rq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tuw6-hdbp-yqb2" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.0" }