Lookup for vulnerable packages by Package URL.

Purl pkg:composer/magento/community-edition@2.4.4-p3
Type composer
Namespace magento
Name community-edition
Version 2.4.4-p3
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 2.4.4-p4
Latest_non_vulnerable_version 2.4.9-alpha3
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-d2ab-j8bf-e7dx
vulnerability_id VCID-d2ab-j8bf-e7dx
summary
Magento Open Source allows XML Injection
Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An unauthenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.
references
0
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
url https://github.com/magento/magento2
1
reference_url https://helpx.adobe.com/security/products/magento/apsb23-17.html
reference_id
reference_type
scores
url https://helpx.adobe.com/security/products/magento/apsb23-17.html
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22247
reference_id CVE-2023-22247
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-22247
3
reference_url https://github.com/advisories/GHSA-2444-8gj8-6fmx
reference_id GHSA-2444-8gj8-6fmx
reference_type
scores
url https://github.com/advisories/GHSA-2444-8gj8-6fmx
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p3
purl pkg:composer/magento/community-edition@2.4.4-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p3
1
url pkg:composer/magento/community-edition@2.4.5-p2
purl pkg:composer/magento/community-edition@2.4.5-p2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p2
aliases CVE-2023-22247, GHSA-2444-8gj8-6fmx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d2ab-j8bf-e7dx
1
url VCID-hh8a-mgkk-3yb5
vulnerability_id VCID-hh8a-mgkk-3yb5
summary
Magento Open Source allows Incorrect Authorization
Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Incorrect Authorization vulnerability. A low-privileged authenticated attacker could leverage this vulnerability to achieve minor information disclosure.
references
0
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
url https://github.com/magento/magento2
1
reference_url https://helpx.adobe.com/security/products/magento/apsb23-17.html
reference_id
reference_type
scores
url https://helpx.adobe.com/security/products/magento/apsb23-17.html
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22251
reference_id CVE-2023-22251
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-22251
3
reference_url https://github.com/advisories/GHSA-2wm7-mmgc-qxr3
reference_id GHSA-2wm7-mmgc-qxr3
reference_type
scores
url https://github.com/advisories/GHSA-2wm7-mmgc-qxr3
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p3
purl pkg:composer/magento/community-edition@2.4.4-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p3
1
url pkg:composer/magento/community-edition@2.4.5-p2
purl pkg:composer/magento/community-edition@2.4.5-p2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p2
aliases CVE-2023-22251, GHSA-2wm7-mmgc-qxr3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hh8a-mgkk-3yb5
2
url VCID-upcj-z3c1-ubcf
vulnerability_id VCID-upcj-z3c1-ubcf
summary
Magento Open Source allows Improper Access Control
Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.
references
0
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
url https://github.com/magento/magento2
1
reference_url https://helpx.adobe.com/security/products/magento/apsb23-17.html
reference_id
reference_type
scores
url https://helpx.adobe.com/security/products/magento/apsb23-17.html
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22250
reference_id CVE-2023-22250
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-22250
3
reference_url https://github.com/advisories/GHSA-4h7p-4vq8-g2gh
reference_id GHSA-4h7p-4vq8-g2gh
reference_type
scores
url https://github.com/advisories/GHSA-4h7p-4vq8-g2gh
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p3
purl pkg:composer/magento/community-edition@2.4.4-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p3
1
url pkg:composer/magento/community-edition@2.4.5-p2
purl pkg:composer/magento/community-edition@2.4.5-p2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p2
aliases CVE-2023-22250, GHSA-4h7p-4vq8-g2gh
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-upcj-z3c1-ubcf
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p3