Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-389t-bp5k-yqbw

Summary

Magento Open Source allows XML Injection
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability. An attacker with low privileges can trigger a specially crafted script to a security feature bypass. Exploitation of this issue does not require user interaction.

Aliases

alias	CVE-2023-29289

alias	GHSA-wh42-8r2w-873x

Fixed_packages

url	pkg:composer/magento/community-edition@2.4.4-p4
purl	pkg:composer/magento/community-edition@2.4.4-p4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4

url	pkg:composer/magento/community-edition@2.4.5-p3
purl	pkg:composer/magento/community-edition@2.4.5-p3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3

Affected_packages

url pkg:composer/magento/community-edition@2.4.4-p1

purl pkg:composer/magento/community-edition@2.4.4-p1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-16x4-fjuv-hbc4

vulnerability	VCID-1wxk-rhfp-qqgp

vulnerability	VCID-1xvu-3fjk-t7ay

vulnerability	VCID-1yr5-8e84-cyf5

vulnerability	VCID-2gjv-y49y-4yh7

vulnerability	VCID-389t-bp5k-yqbw

vulnerability	VCID-3d83-1r55-uqfb

vulnerability	VCID-3tpy-wktb-wqdj

vulnerability	VCID-4rga-e18t-myh6

vulnerability	VCID-5bn1-w5sa-ubft

vulnerability	VCID-6gue-nxx5-u3h6

vulnerability	VCID-8wm3-xqbd-zqf5

vulnerability	VCID-94sc-9fyk-2uay

vulnerability	VCID-9u6k-hbxd-8bds

vulnerability	VCID-9v4c-gauv-wyh2

vulnerability	VCID-a2mn-k8qn-j7c9

vulnerability	VCID-b6wy-nzzg-k3em

vulnerability	VCID-bm3p-s43s-uuce

vulnerability	VCID-c7rf-4ky3-tyev

vulnerability	VCID-ca94-mqq1-jyaz

vulnerability	VCID-ctr3-kt63-hybf

vulnerability	VCID-de3q-b1v4-bybu

vulnerability	VCID-enwr-t7r8-xyge

vulnerability	VCID-eu82-bgnu-rue2

vulnerability	VCID-euam-6b48-suhg

vulnerability	VCID-gkb3-ddu2-qyg6

vulnerability	VCID-hcbc-9c78-yye6

vulnerability	VCID-hwb9-yxzn-zub5

vulnerability	VCID-jede-wz7z-2ugt

vulnerability	VCID-jew7-2yd7-8ffp

vulnerability	VCID-jg5k-6vqh-57ey

vulnerability	VCID-kj9m-ccf8-gyep

vulnerability	VCID-mgnu-rgqb-h7cw

vulnerability	VCID-ntcr-n7fp-j3ab

vulnerability	VCID-pqpk-dh2p-4yc8

vulnerability	VCID-qxz4-rh86-cfcu

vulnerability	VCID-rmqf-8w57-uydk

vulnerability	VCID-u3gt-rhgh-p7ax

vulnerability	VCID-ub5g-fuqv-xqej

vulnerability	VCID-ueg1-1xj3-aqcq

vulnerability	VCID-umy7-aq5d-vfhj

vulnerability	VCID-vt4j-zfwn-m3cd

vulnerability	VCID-whzv-vgev-rqd4

vulnerability	VCID-wv9y-3kyz-hbgq

vulnerability	VCID-xhej-jypg-7fah

vulnerability	VCID-ypqs-5ju2-hkcz

vulnerability	VCID-zndr-m4hp-gue2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p1

url pkg:composer/magento/community-edition@2.4.4

purl pkg:composer/magento/community-edition@2.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-11ed-qtc7-bqbg

vulnerability	VCID-16x4-fjuv-hbc4

vulnerability	VCID-17xq-rhcp-z3hj

vulnerability	VCID-1wxk-rhfp-qqgp

vulnerability	VCID-1xvu-3fjk-t7ay

vulnerability	VCID-1yj1-79jb-wyht

vulnerability	VCID-1yr5-8e84-cyf5

vulnerability	VCID-27w8-khpp-c7hk

vulnerability	VCID-29fa-krur-qqbv

vulnerability	VCID-2eq5-hm5y-f3f4

vulnerability	VCID-2gjv-y49y-4yh7

vulnerability	VCID-389t-bp5k-yqbw

vulnerability	VCID-3d83-1r55-uqfb

vulnerability	VCID-3hcd-r9gs-cfgh

vulnerability	VCID-3sn5-689e-cbhk

vulnerability	VCID-3tpy-wktb-wqdj

vulnerability	VCID-3v4v-ysx5-77gs

vulnerability	VCID-3vpy-uswf-5ugc

vulnerability	VCID-3wnx-e9kp-fkg7

vulnerability	VCID-46mz-swkk-suhn

vulnerability	VCID-4kg3-wkw1-vqhy

vulnerability	VCID-4rga-e18t-myh6

vulnerability	VCID-4w8w-6563-3kfb

vulnerability	VCID-5bn1-w5sa-ubft

vulnerability	VCID-5du3-fvj3-87h7

vulnerability	VCID-5fmh-e4j7-nbcf

vulnerability	VCID-5tkb-ngcw-t7ap

vulnerability	VCID-6g84-aswq-5kfb

vulnerability	VCID-6gue-nxx5-u3h6

vulnerability	VCID-6mxj-tzme-zyhb

vulnerability	VCID-6srg-smmw-hycj

vulnerability	VCID-7dbc-v42e-j7d6

vulnerability	VCID-7dzy-1fxw-xfes

vulnerability	VCID-86h6-jwyx-8yf2

vulnerability	VCID-8crc-kmpq-63bd

vulnerability	VCID-8kar-95vh-ube3

vulnerability	VCID-8wm3-xqbd-zqf5

vulnerability	VCID-94sc-9fyk-2uay

vulnerability	VCID-96gx-zvab-yyhe

vulnerability	VCID-9u6k-hbxd-8bds

vulnerability	VCID-9v4c-gauv-wyh2

vulnerability	VCID-a2mn-k8qn-j7c9

vulnerability	VCID-b6wy-nzzg-k3em

vulnerability	VCID-bm3p-s43s-uuce

vulnerability	VCID-c7rf-4ky3-tyev

vulnerability	VCID-ca94-mqq1-jyaz

vulnerability	VCID-cd1x-g9b4-6ufh

vulnerability	VCID-ctr3-kt63-hybf

vulnerability	VCID-d6u8-dhmd-x3ed

vulnerability	VCID-de3q-b1v4-bybu

vulnerability	VCID-dqfx-d99q-jyd1

vulnerability	VCID-ekn2-uahd-4qgw

vulnerability	VCID-enwr-t7r8-xyge

vulnerability	VCID-eu82-bgnu-rue2

vulnerability	VCID-euam-6b48-suhg

vulnerability	VCID-ewjp-uxup-gqex

vulnerability	VCID-f5jj-23tj-wkbu

vulnerability	VCID-f6vc-8z9a-cqej

vulnerability	VCID-ft2p-3a61-wudj

vulnerability	VCID-gdh1-vff1-cfc2

vulnerability	VCID-gf2z-99wt-3qcg

vulnerability	VCID-gkb3-ddu2-qyg6

vulnerability	VCID-hcbc-9c78-yye6

vulnerability	VCID-hwb9-yxzn-zub5

vulnerability	VCID-jbs3-xb4d-j3gz

vulnerability	VCID-jbzd-yjne-6ucr

vulnerability	VCID-jede-wz7z-2ugt

vulnerability	VCID-jehy-k235-4ua9

vulnerability	VCID-jew7-2yd7-8ffp

vulnerability	VCID-jg5k-6vqh-57ey

vulnerability	VCID-jnsk-z1qy-8uh7

vulnerability	VCID-k55s-dcep-mbbk

vulnerability	VCID-khdx-kb5m-qyd7

vulnerability	VCID-kj9m-ccf8-gyep

vulnerability	VCID-kumb-xzbe-5fb3

vulnerability	VCID-mcuv-294k-5qc4

vulnerability	VCID-mgnu-rgqb-h7cw

vulnerability	VCID-mgxx-zdm4-9fe7

vulnerability	VCID-mwg1-4tbg-53cg

vulnerability	VCID-ntcr-n7fp-j3ab

vulnerability	VCID-p84d-d8gt-ukck

vulnerability	VCID-pqpk-dh2p-4yc8

vulnerability	VCID-qsq4-2nz1-p7hu

vulnerability	VCID-qxz4-rh86-cfcu

vulnerability	VCID-rgfy-hqz1-zyb4

vulnerability	VCID-rhp2-bwp6-k3d4

vulnerability	VCID-rmqf-8w57-uydk

vulnerability	VCID-rv3b-5ja1-dkdv

vulnerability	VCID-snxt-bv9t-nbdu

vulnerability	VCID-t1ba-h3yd-yydc

vulnerability	VCID-t2pj-rv3r-7fda

vulnerability	VCID-t5m6-39fh-zfhg

vulnerability	VCID-tn7z-sztq-hbax

vulnerability	VCID-trys-a3eq-y7fb

vulnerability	VCID-u3gt-rhgh-p7ax

vulnerability	VCID-ub5g-fuqv-xqej

vulnerability	VCID-ueg1-1xj3-aqcq

vulnerability	VCID-umy7-aq5d-vfhj

vulnerability	VCID-uv6e-ctrt-eycw

vulnerability	VCID-v7r7-xtq1-gug6

100

vulnerability	VCID-v7ru-7kga-2bet

101

vulnerability	VCID-vt4j-zfwn-m3cd

102

vulnerability	VCID-vthq-tuqs-5fg9

103

vulnerability	VCID-vvzs-mjes-e3eq

104

vulnerability	VCID-wdvt-5z3a-5bc2

105

vulnerability	VCID-whzv-vgev-rqd4

106

vulnerability	VCID-wv9y-3kyz-hbgq

107

vulnerability	VCID-xde9-dz52-1fgp

108

vulnerability	VCID-xhej-jypg-7fah

109

vulnerability	VCID-xm9z-aqhf-uqft

110

vulnerability	VCID-y9ew-ydqv-4kbf

111

vulnerability	VCID-yh52-jggb-jfgx

112

vulnerability	VCID-ypqs-5ju2-hkcz

113

vulnerability	VCID-z5sv-b3wm-rqbe

114

vulnerability	VCID-z7g7-sbje-bbev

115

vulnerability	VCID-z8qf-cqwg-zkan

116

vulnerability	VCID-zacs-wg6m-qyg4

117

vulnerability	VCID-zjmz-qn1y-n3d9

118

vulnerability	VCID-zndr-m4hp-gue2

119

vulnerability	VCID-zwsv-4q8h-x3e7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4

url pkg:composer/magento/community-edition@2.4.5-p1

purl pkg:composer/magento/community-edition@2.4.5-p1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-11ed-qtc7-bqbg

vulnerability	VCID-16x4-fjuv-hbc4

vulnerability	VCID-17xq-rhcp-z3hj

vulnerability	VCID-1wxk-rhfp-qqgp

vulnerability	VCID-1xvu-3fjk-t7ay

vulnerability	VCID-1yj1-79jb-wyht

vulnerability	VCID-1yr5-8e84-cyf5

vulnerability	VCID-27w8-khpp-c7hk

vulnerability	VCID-29fa-krur-qqbv

vulnerability	VCID-2eq5-hm5y-f3f4

vulnerability	VCID-2gjv-y49y-4yh7

vulnerability	VCID-389t-bp5k-yqbw

vulnerability	VCID-3d83-1r55-uqfb

vulnerability	VCID-3hcd-r9gs-cfgh

vulnerability	VCID-3sn5-689e-cbhk

vulnerability	VCID-3tpy-wktb-wqdj

vulnerability	VCID-3v4v-ysx5-77gs

vulnerability	VCID-3vpy-uswf-5ugc

vulnerability	VCID-3wnx-e9kp-fkg7

vulnerability	VCID-46mz-swkk-suhn

vulnerability	VCID-4kg3-wkw1-vqhy

vulnerability	VCID-4rga-e18t-myh6

vulnerability	VCID-4w8w-6563-3kfb

vulnerability	VCID-5bn1-w5sa-ubft

vulnerability	VCID-5du3-fvj3-87h7

vulnerability	VCID-5fmh-e4j7-nbcf

vulnerability	VCID-5tkb-ngcw-t7ap

vulnerability	VCID-6g84-aswq-5kfb

vulnerability	VCID-6gue-nxx5-u3h6

vulnerability	VCID-6mxj-tzme-zyhb

vulnerability	VCID-6srg-smmw-hycj

vulnerability	VCID-7dbc-v42e-j7d6

vulnerability	VCID-7dzy-1fxw-xfes

vulnerability	VCID-8crc-kmpq-63bd

vulnerability	VCID-8wm3-xqbd-zqf5

vulnerability	VCID-94sc-9fyk-2uay

vulnerability	VCID-96gx-zvab-yyhe

vulnerability	VCID-9rdk-3631-eqcw

vulnerability	VCID-9u6k-hbxd-8bds

vulnerability	VCID-9v4c-gauv-wyh2

vulnerability	VCID-a2mn-k8qn-j7c9

vulnerability	VCID-ac6e-denb-w7hy

vulnerability	VCID-b6wy-nzzg-k3em

vulnerability	VCID-bm3p-s43s-uuce

vulnerability	VCID-c7rf-4ky3-tyev

vulnerability	VCID-ca94-mqq1-jyaz

vulnerability	VCID-ctr3-kt63-hybf

vulnerability	VCID-d6u8-dhmd-x3ed

vulnerability	VCID-de3q-b1v4-bybu

vulnerability	VCID-dqfx-d99q-jyd1

vulnerability	VCID-ekn2-uahd-4qgw

vulnerability	VCID-enwr-t7r8-xyge

vulnerability	VCID-epeq-fvse-xudw

vulnerability	VCID-eu82-bgnu-rue2

vulnerability	VCID-euam-6b48-suhg

vulnerability	VCID-ewjp-uxup-gqex

vulnerability	VCID-f5jj-23tj-wkbu

vulnerability	VCID-f6vc-8z9a-cqej

vulnerability	VCID-ft2p-3a61-wudj

vulnerability	VCID-gdh1-vff1-cfc2

vulnerability	VCID-gf2z-99wt-3qcg

vulnerability	VCID-gkb3-ddu2-qyg6

vulnerability	VCID-hcbc-9c78-yye6

vulnerability	VCID-hwb9-yxzn-zub5

vulnerability	VCID-jbs3-xb4d-j3gz

vulnerability	VCID-jbzd-yjne-6ucr

vulnerability	VCID-jede-wz7z-2ugt

vulnerability	VCID-jehy-k235-4ua9

vulnerability	VCID-jg5k-6vqh-57ey

vulnerability	VCID-jnsk-z1qy-8uh7

vulnerability	VCID-k55s-dcep-mbbk

vulnerability	VCID-khdx-kb5m-qyd7

vulnerability	VCID-kj9m-ccf8-gyep

vulnerability	VCID-kumb-xzbe-5fb3

vulnerability	VCID-mcuv-294k-5qc4

vulnerability	VCID-mgxx-zdm4-9fe7

vulnerability	VCID-mwg1-4tbg-53cg

vulnerability	VCID-ntcr-n7fp-j3ab

vulnerability	VCID-p84d-d8gt-ukck

vulnerability	VCID-pqpk-dh2p-4yc8

vulnerability	VCID-qsq4-2nz1-p7hu

vulnerability	VCID-qxz4-rh86-cfcu

vulnerability	VCID-rgfy-hqz1-zyb4

vulnerability	VCID-rhp2-bwp6-k3d4

vulnerability	VCID-rmqf-8w57-uydk

vulnerability	VCID-rv3b-5ja1-dkdv

vulnerability	VCID-t1ba-h3yd-yydc

vulnerability	VCID-t5m6-39fh-zfhg

vulnerability	VCID-tn7z-sztq-hbax

vulnerability	VCID-u3gt-rhgh-p7ax

vulnerability	VCID-ub5g-fuqv-xqej

vulnerability	VCID-ueg1-1xj3-aqcq

vulnerability	VCID-umy7-aq5d-vfhj

vulnerability	VCID-uv6e-ctrt-eycw

vulnerability	VCID-v7r7-xtq1-gug6

vulnerability	VCID-v7ru-7kga-2bet

vulnerability	VCID-vt4j-zfwn-m3cd

vulnerability	VCID-vthq-tuqs-5fg9

vulnerability	VCID-vvzs-mjes-e3eq

vulnerability	VCID-wdvt-5z3a-5bc2

100

vulnerability	VCID-whzv-vgev-rqd4

101

vulnerability	VCID-wv9y-3kyz-hbgq

102

vulnerability	VCID-xde9-dz52-1fgp

103

vulnerability	VCID-xhej-jypg-7fah

104

vulnerability	VCID-xm9z-aqhf-uqft

105

vulnerability	VCID-y9ew-ydqv-4kbf

106

vulnerability	VCID-yh52-jggb-jfgx

107

vulnerability	VCID-ypqs-5ju2-hkcz

108

vulnerability	VCID-z8qf-cqwg-zkan

109

vulnerability	VCID-zacs-wg6m-qyg4

110

vulnerability	VCID-zndr-m4hp-gue2

111

vulnerability	VCID-zwsv-4q8h-x3e7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p1

url pkg:composer/magento/community-edition@2.4.5

purl pkg:composer/magento/community-edition@2.4.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-11ed-qtc7-bqbg

vulnerability	VCID-16x4-fjuv-hbc4

vulnerability	VCID-17xq-rhcp-z3hj

vulnerability	VCID-1wxk-rhfp-qqgp

vulnerability	VCID-1xvu-3fjk-t7ay

vulnerability	VCID-1yj1-79jb-wyht

vulnerability	VCID-1yr5-8e84-cyf5

vulnerability	VCID-27w8-khpp-c7hk

vulnerability	VCID-29fa-krur-qqbv

vulnerability	VCID-2eq5-hm5y-f3f4

vulnerability	VCID-2gjv-y49y-4yh7

vulnerability	VCID-389t-bp5k-yqbw

vulnerability	VCID-3d83-1r55-uqfb

vulnerability	VCID-3hcd-r9gs-cfgh

vulnerability	VCID-3jns-w9p4-jyca

vulnerability	VCID-3sn5-689e-cbhk

vulnerability	VCID-3tpy-wktb-wqdj

vulnerability	VCID-3v4v-ysx5-77gs

vulnerability	VCID-3vpy-uswf-5ugc

vulnerability	VCID-3wnx-e9kp-fkg7

vulnerability	VCID-46mz-swkk-suhn

vulnerability	VCID-4kg3-wkw1-vqhy

vulnerability	VCID-4rga-e18t-myh6

vulnerability	VCID-4w8w-6563-3kfb

vulnerability	VCID-53d5-qzm4-vfgs

vulnerability	VCID-5bn1-w5sa-ubft

vulnerability	VCID-5du3-fvj3-87h7

vulnerability	VCID-5fmh-e4j7-nbcf

vulnerability	VCID-5tkb-ngcw-t7ap

vulnerability	VCID-6g84-aswq-5kfb

vulnerability	VCID-6gue-nxx5-u3h6

vulnerability	VCID-6mxj-tzme-zyhb

vulnerability	VCID-6srg-smmw-hycj

vulnerability	VCID-7dbc-v42e-j7d6

vulnerability	VCID-7dzy-1fxw-xfes

vulnerability	VCID-8crc-kmpq-63bd

vulnerability	VCID-8wm3-xqbd-zqf5

vulnerability	VCID-94sc-9fyk-2uay

vulnerability	VCID-96gx-zvab-yyhe

vulnerability	VCID-9u6k-hbxd-8bds

vulnerability	VCID-9v4c-gauv-wyh2

vulnerability	VCID-a2mn-k8qn-j7c9

vulnerability	VCID-a9hc-nhv2-7ubx

vulnerability	VCID-ac6e-denb-w7hy

vulnerability	VCID-annu-j9a3-xkhs

vulnerability	VCID-b6wy-nzzg-k3em

vulnerability	VCID-bm3p-s43s-uuce

vulnerability	VCID-c7rf-4ky3-tyev

vulnerability	VCID-ca94-mqq1-jyaz

vulnerability	VCID-ctr3-kt63-hybf

vulnerability	VCID-d6u8-dhmd-x3ed

vulnerability	VCID-de3q-b1v4-bybu

vulnerability	VCID-dqfx-d99q-jyd1

vulnerability	VCID-ekn2-uahd-4qgw

vulnerability	VCID-enwr-t7r8-xyge

vulnerability	VCID-eu82-bgnu-rue2

vulnerability	VCID-euam-6b48-suhg

vulnerability	VCID-ewjp-uxup-gqex

vulnerability	VCID-f5jj-23tj-wkbu

vulnerability	VCID-f6vc-8z9a-cqej

vulnerability	VCID-ft2p-3a61-wudj

vulnerability	VCID-gdh1-vff1-cfc2

vulnerability	VCID-gf2z-99wt-3qcg

vulnerability	VCID-gkb3-ddu2-qyg6

vulnerability	VCID-gyd8-hu6s-wkgt

vulnerability	VCID-hcbc-9c78-yye6

vulnerability	VCID-hwb9-yxzn-zub5

vulnerability	VCID-jbs3-xb4d-j3gz

vulnerability	VCID-jbzd-yjne-6ucr

vulnerability	VCID-jede-wz7z-2ugt

vulnerability	VCID-jehy-k235-4ua9

vulnerability	VCID-jew7-2yd7-8ffp

vulnerability	VCID-jg5k-6vqh-57ey

vulnerability	VCID-jnsk-z1qy-8uh7

vulnerability	VCID-k55s-dcep-mbbk

vulnerability	VCID-khdx-kb5m-qyd7

vulnerability	VCID-kj9m-ccf8-gyep

vulnerability	VCID-kumb-xzbe-5fb3

vulnerability	VCID-mcuv-294k-5qc4

vulnerability	VCID-mgk4-9tan-a7fj

vulnerability	VCID-mgnu-rgqb-h7cw

vulnerability	VCID-mgxx-zdm4-9fe7

vulnerability	VCID-mwg1-4tbg-53cg

vulnerability	VCID-ntcr-n7fp-j3ab

vulnerability	VCID-p84d-d8gt-ukck

vulnerability	VCID-pqpk-dh2p-4yc8

vulnerability	VCID-qsq4-2nz1-p7hu

vulnerability	VCID-qxz4-rh86-cfcu

vulnerability	VCID-rgfy-hqz1-zyb4

vulnerability	VCID-rhp2-bwp6-k3d4

vulnerability	VCID-rmqf-8w57-uydk

vulnerability	VCID-rv3b-5ja1-dkdv

vulnerability	VCID-t1ba-h3yd-yydc

vulnerability	VCID-t5m6-39fh-zfhg

vulnerability	VCID-tn7z-sztq-hbax

vulnerability	VCID-u3gt-rhgh-p7ax

vulnerability	VCID-ub5g-fuqv-xqej

vulnerability	VCID-ueg1-1xj3-aqcq

vulnerability	VCID-umy7-aq5d-vfhj

vulnerability	VCID-uv6e-ctrt-eycw

100

vulnerability	VCID-v7r7-xtq1-gug6

101

vulnerability	VCID-v7ru-7kga-2bet

102

vulnerability	VCID-vjad-xkj2-nygh

103

vulnerability	VCID-vt4j-zfwn-m3cd

104

vulnerability	VCID-vthq-tuqs-5fg9

105

vulnerability	VCID-vvzs-mjes-e3eq

106

vulnerability	VCID-wdvt-5z3a-5bc2

107

vulnerability	VCID-weqh-3ye3-nbbp

108

vulnerability	VCID-whzv-vgev-rqd4

109

vulnerability	VCID-wv9y-3kyz-hbgq

110

vulnerability	VCID-xde9-dz52-1fgp

111

vulnerability	VCID-xhej-jypg-7fah

112

vulnerability	VCID-xm9z-aqhf-uqft

113

vulnerability	VCID-y9ew-ydqv-4kbf

114

vulnerability	VCID-yh52-jggb-jfgx

115

vulnerability	VCID-yjgp-6ntk-xbc3

116

vulnerability	VCID-ypqs-5ju2-hkcz

117

vulnerability	VCID-yzdu-4cnk-5uft

118

vulnerability	VCID-z8qf-cqwg-zkan

119

vulnerability	VCID-zacs-wg6m-qyg4

120

vulnerability	VCID-zgzb-haur-s7aq

121

vulnerability	VCID-zndr-m4hp-gue2

122

vulnerability	VCID-zwsv-4q8h-x3e7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5

url pkg:composer/magento/community-edition@2.4.6

purl pkg:composer/magento/community-edition@2.4.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-11ed-qtc7-bqbg

vulnerability	VCID-16x4-fjuv-hbc4

vulnerability	VCID-17xq-rhcp-z3hj

vulnerability	VCID-1wxk-rhfp-qqgp

vulnerability	VCID-1xvu-3fjk-t7ay

vulnerability	VCID-1yj1-79jb-wyht

vulnerability	VCID-1yr5-8e84-cyf5

vulnerability	VCID-2495-ugn7-v7fk

vulnerability	VCID-27w8-khpp-c7hk

vulnerability	VCID-29fa-krur-qqbv

vulnerability	VCID-2eq5-hm5y-f3f4

vulnerability	VCID-389t-bp5k-yqbw

vulnerability	VCID-3d83-1r55-uqfb

vulnerability	VCID-3hcd-r9gs-cfgh

vulnerability	VCID-3jns-w9p4-jyca

vulnerability	VCID-3sn5-689e-cbhk

vulnerability	VCID-3tpy-wktb-wqdj

vulnerability	VCID-3v4v-ysx5-77gs

vulnerability	VCID-3vpy-uswf-5ugc

vulnerability	VCID-3wnx-e9kp-fkg7

vulnerability	VCID-46mz-swkk-suhn

vulnerability	VCID-4kg3-wkw1-vqhy

vulnerability	VCID-4rga-e18t-myh6

vulnerability	VCID-4w8w-6563-3kfb

vulnerability	VCID-53d5-qzm4-vfgs

vulnerability	VCID-5bn1-w5sa-ubft

vulnerability	VCID-5du3-fvj3-87h7

vulnerability	VCID-5fmh-e4j7-nbcf

vulnerability	VCID-5tkb-ngcw-t7ap

vulnerability	VCID-6g84-aswq-5kfb

vulnerability	VCID-6gue-nxx5-u3h6

vulnerability	VCID-6mxj-tzme-zyhb

vulnerability	VCID-6srg-smmw-hycj

vulnerability	VCID-7dbc-v42e-j7d6

vulnerability	VCID-7dzy-1fxw-xfes

vulnerability	VCID-8crc-kmpq-63bd

vulnerability	VCID-8wm3-xqbd-zqf5

vulnerability	VCID-94sc-9fyk-2uay

vulnerability	VCID-96gx-zvab-yyhe

vulnerability	VCID-9gte-ub5c-mqas

vulnerability	VCID-9u6k-hbxd-8bds

vulnerability	VCID-9v4c-gauv-wyh2

vulnerability	VCID-a2mn-k8qn-j7c9

vulnerability	VCID-a9hc-nhv2-7ubx

vulnerability	VCID-ac6e-denb-w7hy

vulnerability	VCID-annu-j9a3-xkhs

vulnerability	VCID-b6wy-nzzg-k3em

vulnerability	VCID-bm3p-s43s-uuce

vulnerability	VCID-c7rf-4ky3-tyev

vulnerability	VCID-ca94-mqq1-jyaz

vulnerability	VCID-ctr3-kt63-hybf

vulnerability	VCID-d372-f5hu-1bhr

vulnerability	VCID-d6u8-dhmd-x3ed

vulnerability	VCID-de3q-b1v4-bybu

vulnerability	VCID-dqfx-d99q-jyd1

vulnerability	VCID-ekn2-uahd-4qgw

vulnerability	VCID-enwr-t7r8-xyge

vulnerability	VCID-eu82-bgnu-rue2

vulnerability	VCID-euam-6b48-suhg

vulnerability	VCID-ewjp-uxup-gqex

vulnerability	VCID-f5jj-23tj-wkbu

vulnerability	VCID-f6vc-8z9a-cqej

vulnerability	VCID-ft2p-3a61-wudj

vulnerability	VCID-gdh1-vff1-cfc2

vulnerability	VCID-gf2z-99wt-3qcg

vulnerability	VCID-gkb3-ddu2-qyg6

vulnerability	VCID-gyd8-hu6s-wkgt

vulnerability	VCID-hbre-ty72-g7gy

vulnerability	VCID-hcbc-9c78-yye6

vulnerability	VCID-hwb9-yxzn-zub5

vulnerability	VCID-jbs3-xb4d-j3gz

vulnerability	VCID-jbzd-yjne-6ucr

vulnerability	VCID-jede-wz7z-2ugt

vulnerability	VCID-jehy-k235-4ua9

vulnerability	VCID-jg5k-6vqh-57ey

vulnerability	VCID-jnsk-z1qy-8uh7

vulnerability	VCID-k55s-dcep-mbbk

vulnerability	VCID-khdx-kb5m-qyd7

vulnerability	VCID-kj9m-ccf8-gyep

vulnerability	VCID-kumb-xzbe-5fb3

vulnerability	VCID-mcuv-294k-5qc4

vulnerability	VCID-mgk4-9tan-a7fj

vulnerability	VCID-mgxx-zdm4-9fe7

vulnerability	VCID-mwg1-4tbg-53cg

vulnerability	VCID-ntcr-n7fp-j3ab

vulnerability	VCID-p84d-d8gt-ukck

vulnerability	VCID-pqpk-dh2p-4yc8

vulnerability	VCID-qsq4-2nz1-p7hu

vulnerability	VCID-qxz4-rh86-cfcu

vulnerability	VCID-rgfy-hqz1-zyb4

vulnerability	VCID-rhp2-bwp6-k3d4

vulnerability	VCID-rmqf-8w57-uydk

vulnerability	VCID-rv3b-5ja1-dkdv

vulnerability	VCID-t1ba-h3yd-yydc

vulnerability	VCID-t5m6-39fh-zfhg

vulnerability	VCID-tk7j-4vsm-e7c6

vulnerability	VCID-tn7z-sztq-hbax

vulnerability	VCID-u3gt-rhgh-p7ax

vulnerability	VCID-ub5g-fuqv-xqej

vulnerability	VCID-ueg1-1xj3-aqcq

100

vulnerability	VCID-uv6e-ctrt-eycw

101

vulnerability	VCID-v7r7-xtq1-gug6

102

vulnerability	VCID-v7ru-7kga-2bet

103

vulnerability	VCID-vjad-xkj2-nygh

104

vulnerability	VCID-vt4j-zfwn-m3cd

105

vulnerability	VCID-vthq-tuqs-5fg9

106

vulnerability	VCID-vvzs-mjes-e3eq

107

vulnerability	VCID-wdvt-5z3a-5bc2

108

vulnerability	VCID-weqh-3ye3-nbbp

109

vulnerability	VCID-whzv-vgev-rqd4

110

vulnerability	VCID-xde9-dz52-1fgp

111

vulnerability	VCID-xhej-jypg-7fah

112

vulnerability	VCID-xm9z-aqhf-uqft

113

vulnerability	VCID-y9ew-ydqv-4kbf

114

vulnerability	VCID-yh52-jggb-jfgx

115

vulnerability	VCID-yjgp-6ntk-xbc3

116

vulnerability	VCID-ypqs-5ju2-hkcz

117

vulnerability	VCID-yzdu-4cnk-5uft

118

vulnerability	VCID-z8qf-cqwg-zkan

119

vulnerability	VCID-zacs-wg6m-qyg4

120

vulnerability	VCID-zgzb-haur-s7aq

121

vulnerability	VCID-zwsv-4q8h-x3e7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6

url pkg:composer/magento/project-community-edition@2.0.2

purl pkg:composer/magento/project-community-edition@2.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-16x4-fjuv-hbc4

vulnerability	VCID-1qch-21pj-4yhs

vulnerability	VCID-1wxk-rhfp-qqgp

vulnerability	VCID-1xvu-3fjk-t7ay

vulnerability	VCID-1yr5-8e84-cyf5

vulnerability	VCID-2495-ugn7-v7fk

vulnerability	VCID-2gjv-y49y-4yh7

vulnerability	VCID-389t-bp5k-yqbw

vulnerability	VCID-38rm-wf86-ryfw

vulnerability	VCID-3d19-jvhv-kfej

vulnerability	VCID-3d83-1r55-uqfb

vulnerability	VCID-3hcd-r9gs-cfgh

vulnerability	VCID-3jns-w9p4-jyca

vulnerability	VCID-3mbp-mm4g-yybx

vulnerability	VCID-3mg5-5bnt-3qb3

vulnerability	VCID-3sn5-689e-cbhk

vulnerability	VCID-3tpy-wktb-wqdj

vulnerability	VCID-3vpy-uswf-5ugc

vulnerability	VCID-3wnx-e9kp-fkg7

vulnerability	VCID-46mz-swkk-suhn

vulnerability	VCID-4kg3-wkw1-vqhy

vulnerability	VCID-4phr-amm7-q3he

vulnerability	VCID-4rga-e18t-myh6

vulnerability	VCID-4w8w-6563-3kfb

vulnerability	VCID-53d5-qzm4-vfgs

vulnerability	VCID-5bn1-w5sa-ubft

vulnerability	VCID-5fmh-e4j7-nbcf

vulnerability	VCID-5m9k-7pab-bygj

vulnerability	VCID-5wjs-5jc8-y7dv

vulnerability	VCID-631j-28c3-zqam

vulnerability	VCID-63pe-4w5f-zqax

vulnerability	VCID-6cm3-pkzs-wbdu

vulnerability	VCID-6gue-nxx5-u3h6

vulnerability	VCID-7dbc-v42e-j7d6

vulnerability	VCID-7jfc-dbkn-9fa4

vulnerability	VCID-8crc-kmpq-63bd

vulnerability	VCID-8vyv-da9b-x7c5

vulnerability	VCID-8wm3-xqbd-zqf5

vulnerability	VCID-94sc-9fyk-2uay

vulnerability	VCID-9gte-ub5c-mqas

vulnerability	VCID-9rdk-3631-eqcw

vulnerability	VCID-9u6k-hbxd-8bds

vulnerability	VCID-9v4c-gauv-wyh2

vulnerability	VCID-a2mn-k8qn-j7c9

vulnerability	VCID-a9hc-nhv2-7ubx

vulnerability	VCID-ac6e-denb-w7hy

vulnerability	VCID-annu-j9a3-xkhs

vulnerability	VCID-atcy-z6qm-7qcn

vulnerability	VCID-atnt-jfyb-uydk

vulnerability	VCID-b6wy-nzzg-k3em

vulnerability	VCID-bm3p-s43s-uuce

vulnerability	VCID-c7rf-4ky3-tyev

vulnerability	VCID-ca94-mqq1-jyaz

vulnerability	VCID-ctr3-kt63-hybf

vulnerability	VCID-d372-f5hu-1bhr

vulnerability	VCID-dahp-ngf2-yfck

vulnerability	VCID-ddnf-1ejm-g3fm

vulnerability	VCID-de3q-b1v4-bybu

vulnerability	VCID-dqfx-d99q-jyd1

vulnerability	VCID-e514-8tra-9kg2

vulnerability	VCID-ea9q-x4cf-wfdj

vulnerability	VCID-eh85-akw2-4qby

vulnerability	VCID-ekn2-uahd-4qgw

vulnerability	VCID-enwr-t7r8-xyge

vulnerability	VCID-epeq-fvse-xudw

vulnerability	VCID-esvp-gu4v-hkc8

vulnerability	VCID-eu82-bgnu-rue2

vulnerability	VCID-euam-6b48-suhg

vulnerability	VCID-ewjp-uxup-gqex

vulnerability	VCID-f418-amxz-xfey

vulnerability	VCID-f6vc-8z9a-cqej

vulnerability	VCID-fk7u-x6n8-y3a8

vulnerability	VCID-fs6u-kx4y-nqbh

vulnerability	VCID-gdh1-vff1-cfc2

vulnerability	VCID-gkb3-ddu2-qyg6

vulnerability	VCID-gngq-4jm1-nffv

vulnerability	VCID-gyd8-hu6s-wkgt

vulnerability	VCID-hbre-ty72-g7gy

vulnerability	VCID-hcbc-9c78-yye6

vulnerability	VCID-hubk-cyxh-gbeu

vulnerability	VCID-hwb9-yxzn-zub5

vulnerability	VCID-jbzd-yjne-6ucr

vulnerability	VCID-jede-wz7z-2ugt

vulnerability	VCID-jew7-2yd7-8ffp

vulnerability	VCID-jg5k-6vqh-57ey

vulnerability	VCID-jgkp-2cew-c7hc

vulnerability	VCID-jnsk-z1qy-8uh7

vulnerability	VCID-khdx-kb5m-qyd7

vulnerability	VCID-kj9m-ccf8-gyep

vulnerability	VCID-ktbz-cqsm-cqdh

vulnerability	VCID-mcuv-294k-5qc4

vulnerability	VCID-mgk4-9tan-a7fj

vulnerability	VCID-mgnu-rgqb-h7cw

vulnerability	VCID-mn2q-e59e-9bhu

vulnerability	VCID-mwg1-4tbg-53cg

vulnerability	VCID-mxpb-g7qp-w3gp

vulnerability	VCID-nf7q-381b-eufk

vulnerability	VCID-ns3u-g7gm-kbfq

vulnerability	VCID-ntcr-n7fp-j3ab

vulnerability	VCID-p7gh-bgn5-kyfw

100

vulnerability	VCID-p84d-d8gt-ukck

101

vulnerability	VCID-pqpk-dh2p-4yc8

102

vulnerability	VCID-pt49-zfad-2fgb

103

vulnerability	VCID-qdse-avkx-7kb6

104

vulnerability	VCID-qsq4-2nz1-p7hu

105

vulnerability	VCID-qxz4-rh86-cfcu

106

vulnerability	VCID-rgfy-hqz1-zyb4

107

vulnerability	VCID-rhp2-bwp6-k3d4

108

vulnerability	VCID-rmqf-8w57-uydk

109

vulnerability	VCID-snxt-bv9t-nbdu

110

vulnerability	VCID-t5m6-39fh-zfhg

111

vulnerability	VCID-tk7j-4vsm-e7c6

112

vulnerability	VCID-u3cx-xm7q-8uch

113

vulnerability	VCID-u3gt-rhgh-p7ax

114

vulnerability	VCID-u87h-sf89-k3ew

115

vulnerability	VCID-u8ch-jew7-pubj

116

vulnerability	VCID-ub5g-fuqv-xqej

117

vulnerability	VCID-ueg1-1xj3-aqcq

118

vulnerability	VCID-v7r7-xtq1-gug6

119

vulnerability	VCID-vjad-xkj2-nygh

120

vulnerability	VCID-vt4j-zfwn-m3cd

121

vulnerability	VCID-vvzs-mjes-e3eq

122

vulnerability	VCID-wbj6-ehhe-ybf1

123

vulnerability	VCID-wdvt-5z3a-5bc2

124

vulnerability	VCID-weqh-3ye3-nbbp

125

vulnerability	VCID-whzv-vgev-rqd4

126

vulnerability	VCID-wv9y-3kyz-hbgq

127

vulnerability	VCID-x63j-5hm1-8kh9

128

vulnerability	VCID-x9xn-qvau-kqhu

129

vulnerability	VCID-xhej-jypg-7fah

130

vulnerability	VCID-xum3-uvmz-efhj

131

vulnerability	VCID-y9ew-ydqv-4kbf

132

vulnerability	VCID-yh52-jggb-jfgx

133

vulnerability	VCID-yhrq-kbj5-puaz

134

vulnerability	VCID-yjgp-6ntk-xbc3

135

vulnerability	VCID-yjrz-v74j-xbfx

136

vulnerability	VCID-ypqs-5ju2-hkcz

137

vulnerability	VCID-z5ak-93ax-gues

138

vulnerability	VCID-zacs-wg6m-qyg4

139

vulnerability	VCID-zgzb-haur-s7aq

140

vulnerability	VCID-zndr-m4hp-gue2

141

vulnerability	VCID-zpta-g6q9-ykdh

142

vulnerability	VCID-zt1b-5ytz-wqb6

143

vulnerability	VCID-zzn5-7yxb-t3hf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/project-community-edition@2.0.2

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-29289

reference_id

reference_type

scores

value	0.00357
scoring_system	epss
scoring_elements	0.58242
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-29289

reference_url

https://github.com/magento/magento2

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	4.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/magento/magento2

reference_url

https://helpx.adobe.com/security/products/magento/apsb23-35.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	4.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:36:23Z/

url

https://helpx.adobe.com/security/products/magento/apsb23-35.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-29289

reference_id

CVE-2023-29289

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	4.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-29289

reference_url

https://github.com/advisories/GHSA-wh42-8r2w-873x

reference_id

GHSA-wh42-8r2w-873x

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wh42-8r2w-873x

Weaknesses

cwe_id	91
name	XML Injection (aka Blind XPath Injection)
description	The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 0.0

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-389t-bp5k-yqbw

Vulnerability Instance