Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/65568?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/65568?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p3", "type": "composer", "namespace": "magento", "name": "community-edition", "version": "2.4.5-p3", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.4.5-p4", "latest_non_vulnerable_version": "2.4.9-alpha3", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45420?format=api", "vulnerability_id": "VCID-2h52-3pt6-dfcw", "summary": "Magento Open Source allows Incorrect Authorization\nAdobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29296", "reference_id": "CVE-2023-29296", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29296" }, { "reference_url": "https://github.com/advisories/GHSA-3qr4-w96f-672v", "reference_id": "GHSA-3qr4-w96f-672v", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3qr4-w96f-672v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65569?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p4", "is_vulnerable": false, 
"affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/65568?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3" } ], "aliases": [ "CVE-2023-29296", "GHSA-3qr4-w96f-672v" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2h52-3pt6-dfcw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45421?format=api", "vulnerability_id": "VCID-3et4-3zad-1qfn", "summary": "Magento Open Source allows Incorrect Authorization\nAdobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass a minor functionality. 
Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29290", "reference_id": "CVE-2023-29290", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29290" }, { "reference_url": "https://github.com/advisories/GHSA-qw5m-vmp3-f553", "reference_id": "GHSA-qw5m-vmp3-f553", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qw5m-vmp3-f553" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65569?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/65568?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3" } ], "aliases": [ "CVE-2023-29290", "GHSA-qw5m-vmp3-f553" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3et4-3zad-1qfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45407?format=api", "vulnerability_id": "VCID-525q-afzj-tkcp", "summary": "Magento Open Source affected by Improper Input Validation\nAdobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 
(and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An admin privileged attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29293", "reference_id": "CVE-2023-29293", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29293" }, { "reference_url": "https://github.com/advisories/GHSA-66c9-xrwj-9xv6", "reference_id": "GHSA-66c9-xrwj-9xv6", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-66c9-xrwj-9xv6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65569?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/65568?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3" } ], "aliases": [ "CVE-2023-29293", "GHSA-66c9-xrwj-9xv6" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-525q-afzj-tkcp" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/45404?format=api", "vulnerability_id": "VCID-7s7e-adr6-h3dc", "summary": "Magento Open Source allows Information Exposure\nAdobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Information Exposure vulnerability that could lead to a security feature bypass. An attacker could leverage this vulnerability to leak minor user data. Exploitation of this issue does not require user interaction..", "references": [ { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29287", "reference_id": "CVE-2023-29287", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29287" }, { "reference_url": "https://github.com/advisories/GHSA-85m4-g9vq-xpxj", "reference_id": "GHSA-85m4-g9vq-xpxj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-85m4-g9vq-xpxj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65569?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/65568?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3" } ], "aliases": [ "CVE-2023-29287", "GHSA-85m4-g9vq-xpxj" 
], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7s7e-adr6-h3dc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45411?format=api", "vulnerability_id": "VCID-az2w-5xhy-5fe4", "summary": "Magento Open Source allows Improper Neutralization of Special Elements Used\nAdobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29297", "reference_id": "CVE-2023-29297", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29297" }, { "reference_url": "https://github.com/advisories/GHSA-gfmm-ww6f-5mm5", "reference_id": "GHSA-gfmm-ww6f-5mm5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gfmm-ww6f-5mm5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65569?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/65568?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p3", 
"is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3" } ], "aliases": [ "CVE-2023-29297", "GHSA-gfmm-ww6f-5mm5" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-az2w-5xhy-5fe4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45413?format=api", "vulnerability_id": "VCID-dx43-89w9-a7dg", "summary": "Magento Open Source allows Server-Side Request Forgery (SSRF)\nAdobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29292", "reference_id": "CVE-2023-29292", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29292" }, { "reference_url": "https://github.com/advisories/GHSA-4588-7x48-jrgj", "reference_id": "GHSA-4588-7x48-jrgj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4588-7x48-jrgj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65569?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p4", "is_vulnerable": false, 
"affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/65568?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3" } ], "aliases": [ "CVE-2023-29292", "GHSA-4588-7x48-jrgj" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dx43-89w9-a7dg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45408?format=api", "vulnerability_id": "VCID-fzam-yuyg-qyd5", "summary": "Magento Open Source allows XML Injection\nAdobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability. An attacker with low privileges can trigger a specially crafted script to a security feature bypass. 
Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29289", "reference_id": "CVE-2023-29289", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29289" }, { "reference_url": "https://github.com/advisories/GHSA-wh42-8r2w-873x", "reference_id": "GHSA-wh42-8r2w-873x", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wh42-8r2w-873x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65569?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/65568?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3" } ], "aliases": [ "CVE-2023-29289", "GHSA-wh42-8r2w-873x" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fzam-yuyg-qyd5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45416?format=api", "vulnerability_id": "VCID-mtr5-suag-2bdj", "summary": "Magento Open Source allows Incorrect Authorization\nAdobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and 
earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29288", "reference_id": "CVE-2023-29288", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29288" }, { "reference_url": "https://github.com/advisories/GHSA-f989-3fp9-q3r2", "reference_id": "GHSA-f989-3fp9-q3r2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f989-3fp9-q3r2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65569?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/65568?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3" } ], "aliases": [ "CVE-2023-29288", "GHSA-f989-3fp9-q3r2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mtr5-suag-2bdj" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/45417?format=api", "vulnerability_id": "VCID-wjfe-wh5k-1qft", "summary": "Magento Open Source allows Incorrect Authorization\nAdobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29295", "reference_id": "CVE-2023-29295", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29295" }, { "reference_url": "https://github.com/advisories/GHSA-354h-fpmq-68v7", "reference_id": "GHSA-354h-fpmq-68v7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-354h-fpmq-68v7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65569?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/65568?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3" } ], "aliases": [ 
"CVE-2023-29295", "GHSA-354h-fpmq-68v7" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wjfe-wh5k-1qft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45401?format=api", "vulnerability_id": "VCID-ws6y-k3tx-r3gb", "summary": "Magento Open Source affected by Improper Input Validation\nAdobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to leak another user's data. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22248", "reference_id": "CVE-2023-22248", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22248" }, { "reference_url": "https://github.com/advisories/GHSA-5jfg-phx7-7fxg", "reference_id": "GHSA-5jfg-phx7-7fxg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5jfg-phx7-7fxg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65569?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/65568?format=api", "purl": 
"pkg:composer/magento/community-edition@2.4.5-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3" } ], "aliases": [ "CVE-2023-22248", "GHSA-5jfg-phx7-7fxg" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ws6y-k3tx-r3gb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45412?format=api", "vulnerability_id": "VCID-x46d-a16g-nkg9", "summary": "Magento Open Source has Business Logic Errors Vulnerability\nAdobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29294", "reference_id": "CVE-2023-29294", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29294" }, { "reference_url": "https://github.com/advisories/GHSA-28vp-39rf-3q2j", "reference_id": "GHSA-28vp-39rf-3q2j", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-28vp-39rf-3q2j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65569?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p4", "is_vulnerable": false, 
"affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/65568?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3" } ], "aliases": [ "CVE-2023-29294", "GHSA-28vp-39rf-3q2j" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x46d-a16g-nkg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45418?format=api", "vulnerability_id": "VCID-yuvf-e7hk-kqf9", "summary": "Magento Open Source allows Server-Side Request Forgery (SSRF)\nAdobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. 
Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29291", "reference_id": "CVE-2023-29291", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29291" }, { "reference_url": "https://github.com/advisories/GHSA-5f79-vhr4-vw2r", "reference_id": "GHSA-5f79-vhr4-vw2r", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5f79-vhr4-vw2r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65569?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4" }, { "url": "http://public2.vulnerablecode.io/api/packages/65568?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3" } ], "aliases": [ "CVE-2023-29291", "GHSA-5f79-vhr4-vw2r" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yuvf-e7hk-kqf9" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3" }