Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-z8qf-cqwg-zkan

Summary

Aliases

alias	CVE-2024-34102

alias	GHSA-m8cj-3v68-3cxj

Fixed_packages

url	pkg:composer/magento/community-edition@2.4.4-p9
purl	pkg:composer/magento/community-edition@2.4.4-p9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p9

url	pkg:composer/magento/community-edition@2.4.5-p8
purl	pkg:composer/magento/community-edition@2.4.5-p8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8

url	pkg:composer/magento/community-edition@2.4.6-p6
purl	pkg:composer/magento/community-edition@2.4.6-p6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6

Affected_packages

url pkg:composer/magento/community-edition@2.4.4

purl pkg:composer/magento/community-edition@2.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-11ed-qtc7-bqbg

vulnerability	VCID-16x4-fjuv-hbc4

vulnerability	VCID-17xq-rhcp-z3hj

vulnerability	VCID-1wxk-rhfp-qqgp

vulnerability	VCID-1xvu-3fjk-t7ay

vulnerability	VCID-1yj1-79jb-wyht

vulnerability	VCID-1yr5-8e84-cyf5

vulnerability	VCID-27w8-khpp-c7hk

vulnerability	VCID-29fa-krur-qqbv

vulnerability	VCID-2eq5-hm5y-f3f4

vulnerability	VCID-2gjv-y49y-4yh7

vulnerability	VCID-389t-bp5k-yqbw

vulnerability	VCID-3d83-1r55-uqfb

vulnerability	VCID-3hcd-r9gs-cfgh

vulnerability	VCID-3tpy-wktb-wqdj

vulnerability	VCID-3v4v-ysx5-77gs

vulnerability	VCID-4rga-e18t-myh6

vulnerability	VCID-4w8w-6563-3kfb

vulnerability	VCID-5bn1-w5sa-ubft

vulnerability	VCID-5du3-fvj3-87h7

vulnerability	VCID-5tkb-ngcw-t7ap

vulnerability	VCID-6g84-aswq-5kfb

vulnerability	VCID-6gue-nxx5-u3h6

vulnerability	VCID-6mxj-tzme-zyhb

vulnerability	VCID-6srg-smmw-hycj

vulnerability	VCID-7dzy-1fxw-xfes

vulnerability	VCID-86h6-jwyx-8yf2

vulnerability	VCID-8kar-95vh-ube3

vulnerability	VCID-8wm3-xqbd-zqf5

vulnerability	VCID-94sc-9fyk-2uay

vulnerability	VCID-96gx-zvab-yyhe

vulnerability	VCID-9u6k-hbxd-8bds

vulnerability	VCID-9v4c-gauv-wyh2

vulnerability	VCID-a2mn-k8qn-j7c9

vulnerability	VCID-b6wy-nzzg-k3em

vulnerability	VCID-bm3p-s43s-uuce

vulnerability	VCID-c7rf-4ky3-tyev

vulnerability	VCID-ca94-mqq1-jyaz

vulnerability	VCID-cd1x-g9b4-6ufh

vulnerability	VCID-ctr3-kt63-hybf

vulnerability	VCID-d6u8-dhmd-x3ed

vulnerability	VCID-de3q-b1v4-bybu

vulnerability	VCID-enwr-t7r8-xyge

vulnerability	VCID-eu82-bgnu-rue2

vulnerability	VCID-euam-6b48-suhg

vulnerability	VCID-f5jj-23tj-wkbu

vulnerability	VCID-f6vc-8z9a-cqej

vulnerability	VCID-ft2p-3a61-wudj

vulnerability	VCID-gf2z-99wt-3qcg

vulnerability	VCID-gkb3-ddu2-qyg6

vulnerability	VCID-hcbc-9c78-yye6

vulnerability	VCID-hwb9-yxzn-zub5

vulnerability	VCID-jbs3-xb4d-j3gz

vulnerability	VCID-jede-wz7z-2ugt

vulnerability	VCID-jehy-k235-4ua9

vulnerability	VCID-jew7-2yd7-8ffp

vulnerability	VCID-jg5k-6vqh-57ey

vulnerability	VCID-k55s-dcep-mbbk

vulnerability	VCID-kj9m-ccf8-gyep

vulnerability	VCID-kumb-xzbe-5fb3

vulnerability	VCID-mgnu-rgqb-h7cw

vulnerability	VCID-mgxx-zdm4-9fe7

vulnerability	VCID-ntcr-n7fp-j3ab

vulnerability	VCID-pqpk-dh2p-4yc8

vulnerability	VCID-qxz4-rh86-cfcu

vulnerability	VCID-rgfy-hqz1-zyb4

vulnerability	VCID-rmqf-8w57-uydk

vulnerability	VCID-rv3b-5ja1-dkdv

vulnerability	VCID-snxt-bv9t-nbdu

vulnerability	VCID-t1ba-h3yd-yydc

vulnerability	VCID-t2pj-rv3r-7fda

vulnerability	VCID-tn7z-sztq-hbax

vulnerability	VCID-trys-a3eq-y7fb

vulnerability	VCID-u3gt-rhgh-p7ax

vulnerability	VCID-ub5g-fuqv-xqej

vulnerability	VCID-ueg1-1xj3-aqcq

vulnerability	VCID-umy7-aq5d-vfhj

vulnerability	VCID-v7ru-7kga-2bet

vulnerability	VCID-vt4j-zfwn-m3cd

vulnerability	VCID-vthq-tuqs-5fg9

vulnerability	VCID-vvzs-mjes-e3eq

vulnerability	VCID-whzv-vgev-rqd4

vulnerability	VCID-wv9y-3kyz-hbgq

vulnerability	VCID-xde9-dz52-1fgp

vulnerability	VCID-xhej-jypg-7fah

vulnerability	VCID-xm9z-aqhf-uqft

vulnerability	VCID-y9ew-ydqv-4kbf

vulnerability	VCID-ypqs-5ju2-hkcz

vulnerability	VCID-z5sv-b3wm-rqbe

vulnerability	VCID-z7g7-sbje-bbev

vulnerability	VCID-z8qf-cqwg-zkan

vulnerability	VCID-zjmz-qn1y-n3d9

vulnerability	VCID-zndr-m4hp-gue2

vulnerability	VCID-zwsv-4q8h-x3e7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4

url pkg:composer/magento/community-edition@2.4.5-p1

purl pkg:composer/magento/community-edition@2.4.5-p1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-11ed-qtc7-bqbg

vulnerability	VCID-16x4-fjuv-hbc4

vulnerability	VCID-17xq-rhcp-z3hj

vulnerability	VCID-1wxk-rhfp-qqgp

vulnerability	VCID-1xvu-3fjk-t7ay

vulnerability	VCID-1yj1-79jb-wyht

vulnerability	VCID-1yr5-8e84-cyf5

vulnerability	VCID-27w8-khpp-c7hk

vulnerability	VCID-29fa-krur-qqbv

vulnerability	VCID-2eq5-hm5y-f3f4

vulnerability	VCID-2gjv-y49y-4yh7

vulnerability	VCID-389t-bp5k-yqbw

vulnerability	VCID-3d83-1r55-uqfb

vulnerability	VCID-3hcd-r9gs-cfgh

vulnerability	VCID-3tpy-wktb-wqdj

vulnerability	VCID-3v4v-ysx5-77gs

vulnerability	VCID-4rga-e18t-myh6

vulnerability	VCID-4w8w-6563-3kfb

vulnerability	VCID-5bn1-w5sa-ubft

vulnerability	VCID-5du3-fvj3-87h7

vulnerability	VCID-5tkb-ngcw-t7ap

vulnerability	VCID-6g84-aswq-5kfb

vulnerability	VCID-6gue-nxx5-u3h6

vulnerability	VCID-6mxj-tzme-zyhb

vulnerability	VCID-6srg-smmw-hycj

vulnerability	VCID-7dzy-1fxw-xfes

vulnerability	VCID-8wm3-xqbd-zqf5

vulnerability	VCID-94sc-9fyk-2uay

vulnerability	VCID-96gx-zvab-yyhe

vulnerability	VCID-9u6k-hbxd-8bds

vulnerability	VCID-9v4c-gauv-wyh2

vulnerability	VCID-a2mn-k8qn-j7c9

vulnerability	VCID-b6wy-nzzg-k3em

vulnerability	VCID-bm3p-s43s-uuce

vulnerability	VCID-c7rf-4ky3-tyev

vulnerability	VCID-ca94-mqq1-jyaz

vulnerability	VCID-ctr3-kt63-hybf

vulnerability	VCID-d6u8-dhmd-x3ed

vulnerability	VCID-de3q-b1v4-bybu

vulnerability	VCID-enwr-t7r8-xyge

vulnerability	VCID-eu82-bgnu-rue2

vulnerability	VCID-euam-6b48-suhg

vulnerability	VCID-f5jj-23tj-wkbu

vulnerability	VCID-f6vc-8z9a-cqej

vulnerability	VCID-ft2p-3a61-wudj

vulnerability	VCID-gf2z-99wt-3qcg

vulnerability	VCID-gkb3-ddu2-qyg6

vulnerability	VCID-hcbc-9c78-yye6

vulnerability	VCID-hwb9-yxzn-zub5

vulnerability	VCID-jbs3-xb4d-j3gz

vulnerability	VCID-jede-wz7z-2ugt

vulnerability	VCID-jehy-k235-4ua9

vulnerability	VCID-jg5k-6vqh-57ey

vulnerability	VCID-k55s-dcep-mbbk

vulnerability	VCID-kj9m-ccf8-gyep

vulnerability	VCID-kumb-xzbe-5fb3

vulnerability	VCID-mgxx-zdm4-9fe7

vulnerability	VCID-ntcr-n7fp-j3ab

vulnerability	VCID-pqpk-dh2p-4yc8

vulnerability	VCID-qxz4-rh86-cfcu

vulnerability	VCID-rgfy-hqz1-zyb4

vulnerability	VCID-rmqf-8w57-uydk

vulnerability	VCID-rv3b-5ja1-dkdv

vulnerability	VCID-t1ba-h3yd-yydc

vulnerability	VCID-tn7z-sztq-hbax

vulnerability	VCID-u3gt-rhgh-p7ax

vulnerability	VCID-ub5g-fuqv-xqej

vulnerability	VCID-ueg1-1xj3-aqcq

vulnerability	VCID-umy7-aq5d-vfhj

vulnerability	VCID-v7ru-7kga-2bet

vulnerability	VCID-vt4j-zfwn-m3cd

vulnerability	VCID-vthq-tuqs-5fg9

vulnerability	VCID-vvzs-mjes-e3eq

vulnerability	VCID-whzv-vgev-rqd4

vulnerability	VCID-wv9y-3kyz-hbgq

vulnerability	VCID-xde9-dz52-1fgp

vulnerability	VCID-xhej-jypg-7fah

vulnerability	VCID-xm9z-aqhf-uqft

vulnerability	VCID-y9ew-ydqv-4kbf

vulnerability	VCID-ypqs-5ju2-hkcz

vulnerability	VCID-z8qf-cqwg-zkan

vulnerability	VCID-zndr-m4hp-gue2

vulnerability	VCID-zwsv-4q8h-x3e7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p1

url pkg:composer/magento/community-edition@2.4.5

purl pkg:composer/magento/community-edition@2.4.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-11ed-qtc7-bqbg

vulnerability	VCID-16x4-fjuv-hbc4

vulnerability	VCID-17xq-rhcp-z3hj

vulnerability	VCID-1wxk-rhfp-qqgp

vulnerability	VCID-1xvu-3fjk-t7ay

vulnerability	VCID-1yj1-79jb-wyht

vulnerability	VCID-1yr5-8e84-cyf5

vulnerability	VCID-27w8-khpp-c7hk

vulnerability	VCID-29fa-krur-qqbv

vulnerability	VCID-2eq5-hm5y-f3f4

vulnerability	VCID-2gjv-y49y-4yh7

vulnerability	VCID-389t-bp5k-yqbw

vulnerability	VCID-3d83-1r55-uqfb

vulnerability	VCID-3hcd-r9gs-cfgh

vulnerability	VCID-3tpy-wktb-wqdj

vulnerability	VCID-3v4v-ysx5-77gs

vulnerability	VCID-4rga-e18t-myh6

vulnerability	VCID-4w8w-6563-3kfb

vulnerability	VCID-5bn1-w5sa-ubft

vulnerability	VCID-5du3-fvj3-87h7

vulnerability	VCID-5tkb-ngcw-t7ap

vulnerability	VCID-6g84-aswq-5kfb

vulnerability	VCID-6gue-nxx5-u3h6

vulnerability	VCID-6mxj-tzme-zyhb

vulnerability	VCID-6srg-smmw-hycj

vulnerability	VCID-7dzy-1fxw-xfes

vulnerability	VCID-8wm3-xqbd-zqf5

vulnerability	VCID-94sc-9fyk-2uay

vulnerability	VCID-96gx-zvab-yyhe

vulnerability	VCID-9u6k-hbxd-8bds

vulnerability	VCID-9v4c-gauv-wyh2

vulnerability	VCID-a2mn-k8qn-j7c9

vulnerability	VCID-b6wy-nzzg-k3em

vulnerability	VCID-bm3p-s43s-uuce

vulnerability	VCID-c7rf-4ky3-tyev

vulnerability	VCID-ca94-mqq1-jyaz

vulnerability	VCID-ctr3-kt63-hybf

vulnerability	VCID-d6u8-dhmd-x3ed

vulnerability	VCID-de3q-b1v4-bybu

vulnerability	VCID-enwr-t7r8-xyge

vulnerability	VCID-eu82-bgnu-rue2

vulnerability	VCID-euam-6b48-suhg

vulnerability	VCID-f5jj-23tj-wkbu

vulnerability	VCID-f6vc-8z9a-cqej

vulnerability	VCID-ft2p-3a61-wudj

vulnerability	VCID-gf2z-99wt-3qcg

vulnerability	VCID-gkb3-ddu2-qyg6

vulnerability	VCID-hcbc-9c78-yye6

vulnerability	VCID-hwb9-yxzn-zub5

vulnerability	VCID-jbs3-xb4d-j3gz

vulnerability	VCID-jede-wz7z-2ugt

vulnerability	VCID-jehy-k235-4ua9

vulnerability	VCID-jew7-2yd7-8ffp

vulnerability	VCID-jg5k-6vqh-57ey

vulnerability	VCID-k55s-dcep-mbbk

vulnerability	VCID-kj9m-ccf8-gyep

vulnerability	VCID-kumb-xzbe-5fb3

vulnerability	VCID-mgnu-rgqb-h7cw

vulnerability	VCID-mgxx-zdm4-9fe7

vulnerability	VCID-ntcr-n7fp-j3ab

vulnerability	VCID-pqpk-dh2p-4yc8

vulnerability	VCID-qxz4-rh86-cfcu

vulnerability	VCID-rgfy-hqz1-zyb4

vulnerability	VCID-rmqf-8w57-uydk

vulnerability	VCID-rv3b-5ja1-dkdv

vulnerability	VCID-t1ba-h3yd-yydc

vulnerability	VCID-tn7z-sztq-hbax

vulnerability	VCID-u3gt-rhgh-p7ax

vulnerability	VCID-ub5g-fuqv-xqej

vulnerability	VCID-ueg1-1xj3-aqcq

vulnerability	VCID-umy7-aq5d-vfhj

vulnerability	VCID-v7ru-7kga-2bet

vulnerability	VCID-vt4j-zfwn-m3cd

vulnerability	VCID-vthq-tuqs-5fg9

vulnerability	VCID-vvzs-mjes-e3eq

vulnerability	VCID-whzv-vgev-rqd4

vulnerability	VCID-wv9y-3kyz-hbgq

vulnerability	VCID-xde9-dz52-1fgp

vulnerability	VCID-xhej-jypg-7fah

vulnerability	VCID-xm9z-aqhf-uqft

vulnerability	VCID-y9ew-ydqv-4kbf

vulnerability	VCID-ypqs-5ju2-hkcz

vulnerability	VCID-z8qf-cqwg-zkan

vulnerability	VCID-zndr-m4hp-gue2

vulnerability	VCID-zwsv-4q8h-x3e7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5

url pkg:composer/magento/community-edition@2.4.6-p1

purl pkg:composer/magento/community-edition@2.4.6-p1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-11ed-qtc7-bqbg

vulnerability	VCID-16x4-fjuv-hbc4

vulnerability	VCID-17xq-rhcp-z3hj

vulnerability	VCID-1wxk-rhfp-qqgp

vulnerability	VCID-1yj1-79jb-wyht

vulnerability	VCID-1yr5-8e84-cyf5

vulnerability	VCID-27w8-khpp-c7hk

vulnerability	VCID-29fa-krur-qqbv

vulnerability	VCID-2eq5-hm5y-f3f4

vulnerability	VCID-3d83-1r55-uqfb

vulnerability	VCID-3hcd-r9gs-cfgh

vulnerability	VCID-3tpy-wktb-wqdj

vulnerability	VCID-3v4v-ysx5-77gs

vulnerability	VCID-4w8w-6563-3kfb

vulnerability	VCID-5bn1-w5sa-ubft

vulnerability	VCID-5du3-fvj3-87h7

vulnerability	VCID-5tkb-ngcw-t7ap

vulnerability	VCID-6g84-aswq-5kfb

vulnerability	VCID-6mxj-tzme-zyhb

vulnerability	VCID-6srg-smmw-hycj

vulnerability	VCID-7dzy-1fxw-xfes

vulnerability	VCID-94sc-9fyk-2uay

vulnerability	VCID-96gx-zvab-yyhe

vulnerability	VCID-a2mn-k8qn-j7c9

vulnerability	VCID-bm3p-s43s-uuce

vulnerability	VCID-c7rf-4ky3-tyev

vulnerability	VCID-ca94-mqq1-jyaz

vulnerability	VCID-ctr3-kt63-hybf

vulnerability	VCID-d6u8-dhmd-x3ed

vulnerability	VCID-enwr-t7r8-xyge

vulnerability	VCID-eu82-bgnu-rue2

vulnerability	VCID-euam-6b48-suhg

vulnerability	VCID-f5jj-23tj-wkbu

vulnerability	VCID-f6vc-8z9a-cqej

vulnerability	VCID-ft2p-3a61-wudj

vulnerability	VCID-gf2z-99wt-3qcg

vulnerability	VCID-gkb3-ddu2-qyg6

vulnerability	VCID-hcbc-9c78-yye6

vulnerability	VCID-hwb9-yxzn-zub5

vulnerability	VCID-jbs3-xb4d-j3gz

vulnerability	VCID-jede-wz7z-2ugt

vulnerability	VCID-jehy-k235-4ua9

vulnerability	VCID-jg5k-6vqh-57ey

vulnerability	VCID-k55s-dcep-mbbk

vulnerability	VCID-kumb-xzbe-5fb3

vulnerability	VCID-mgxx-zdm4-9fe7

vulnerability	VCID-ntcr-n7fp-j3ab

vulnerability	VCID-pqpk-dh2p-4yc8

vulnerability	VCID-qxz4-rh86-cfcu

vulnerability	VCID-rgfy-hqz1-zyb4

vulnerability	VCID-rmqf-8w57-uydk

vulnerability	VCID-rv3b-5ja1-dkdv

vulnerability	VCID-t1ba-h3yd-yydc

vulnerability	VCID-tn7z-sztq-hbax

vulnerability	VCID-u3gt-rhgh-p7ax

vulnerability	VCID-ueg1-1xj3-aqcq

vulnerability	VCID-v7ru-7kga-2bet

vulnerability	VCID-vt4j-zfwn-m3cd

vulnerability	VCID-vthq-tuqs-5fg9

vulnerability	VCID-vvzs-mjes-e3eq

vulnerability	VCID-whzv-vgev-rqd4

vulnerability	VCID-xde9-dz52-1fgp

vulnerability	VCID-xm9z-aqhf-uqft

vulnerability	VCID-y9ew-ydqv-4kbf

vulnerability	VCID-ypqs-5ju2-hkcz

vulnerability	VCID-z8qf-cqwg-zkan

vulnerability	VCID-zwsv-4q8h-x3e7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p1

url pkg:composer/magento/community-edition@2.4.6

purl pkg:composer/magento/community-edition@2.4.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-11ed-qtc7-bqbg

vulnerability	VCID-16x4-fjuv-hbc4

vulnerability	VCID-17xq-rhcp-z3hj

vulnerability	VCID-1wxk-rhfp-qqgp

vulnerability	VCID-1xvu-3fjk-t7ay

vulnerability	VCID-1yj1-79jb-wyht

vulnerability	VCID-1yr5-8e84-cyf5

vulnerability	VCID-2495-ugn7-v7fk

vulnerability	VCID-27w8-khpp-c7hk

vulnerability	VCID-29fa-krur-qqbv

vulnerability	VCID-2eq5-hm5y-f3f4

vulnerability	VCID-389t-bp5k-yqbw

vulnerability	VCID-3d83-1r55-uqfb

vulnerability	VCID-3hcd-r9gs-cfgh

vulnerability	VCID-3tpy-wktb-wqdj

vulnerability	VCID-3v4v-ysx5-77gs

vulnerability	VCID-4rga-e18t-myh6

vulnerability	VCID-4w8w-6563-3kfb

vulnerability	VCID-5bn1-w5sa-ubft

vulnerability	VCID-5du3-fvj3-87h7

vulnerability	VCID-5tkb-ngcw-t7ap

vulnerability	VCID-6g84-aswq-5kfb

vulnerability	VCID-6gue-nxx5-u3h6

vulnerability	VCID-6mxj-tzme-zyhb

vulnerability	VCID-6srg-smmw-hycj

vulnerability	VCID-7dzy-1fxw-xfes

vulnerability	VCID-8wm3-xqbd-zqf5

vulnerability	VCID-94sc-9fyk-2uay

vulnerability	VCID-96gx-zvab-yyhe

vulnerability	VCID-9gte-ub5c-mqas

vulnerability	VCID-9u6k-hbxd-8bds

vulnerability	VCID-9v4c-gauv-wyh2

vulnerability	VCID-a2mn-k8qn-j7c9

vulnerability	VCID-b6wy-nzzg-k3em

vulnerability	VCID-bm3p-s43s-uuce

vulnerability	VCID-c7rf-4ky3-tyev

vulnerability	VCID-ca94-mqq1-jyaz

vulnerability	VCID-ctr3-kt63-hybf

vulnerability	VCID-d372-f5hu-1bhr

vulnerability	VCID-d6u8-dhmd-x3ed

vulnerability	VCID-de3q-b1v4-bybu

vulnerability	VCID-enwr-t7r8-xyge

vulnerability	VCID-eu82-bgnu-rue2

vulnerability	VCID-euam-6b48-suhg

vulnerability	VCID-f5jj-23tj-wkbu

vulnerability	VCID-f6vc-8z9a-cqej

vulnerability	VCID-ft2p-3a61-wudj

vulnerability	VCID-gf2z-99wt-3qcg

vulnerability	VCID-gkb3-ddu2-qyg6

vulnerability	VCID-hbre-ty72-g7gy

vulnerability	VCID-hcbc-9c78-yye6

vulnerability	VCID-hwb9-yxzn-zub5

vulnerability	VCID-jbs3-xb4d-j3gz

vulnerability	VCID-jede-wz7z-2ugt

vulnerability	VCID-jehy-k235-4ua9

vulnerability	VCID-jg5k-6vqh-57ey

vulnerability	VCID-k55s-dcep-mbbk

vulnerability	VCID-kj9m-ccf8-gyep

vulnerability	VCID-kumb-xzbe-5fb3

vulnerability	VCID-mgxx-zdm4-9fe7

vulnerability	VCID-ntcr-n7fp-j3ab

vulnerability	VCID-pqpk-dh2p-4yc8

vulnerability	VCID-qxz4-rh86-cfcu

vulnerability	VCID-rgfy-hqz1-zyb4

vulnerability	VCID-rmqf-8w57-uydk

vulnerability	VCID-rv3b-5ja1-dkdv

vulnerability	VCID-t1ba-h3yd-yydc

vulnerability	VCID-tk7j-4vsm-e7c6

vulnerability	VCID-tn7z-sztq-hbax

vulnerability	VCID-u3gt-rhgh-p7ax

vulnerability	VCID-ub5g-fuqv-xqej

vulnerability	VCID-ueg1-1xj3-aqcq

vulnerability	VCID-v7ru-7kga-2bet

vulnerability	VCID-vt4j-zfwn-m3cd

vulnerability	VCID-vthq-tuqs-5fg9

vulnerability	VCID-vvzs-mjes-e3eq

vulnerability	VCID-whzv-vgev-rqd4

vulnerability	VCID-xde9-dz52-1fgp

vulnerability	VCID-xhej-jypg-7fah

vulnerability	VCID-xm9z-aqhf-uqft

vulnerability	VCID-y9ew-ydqv-4kbf

vulnerability	VCID-ypqs-5ju2-hkcz

vulnerability	VCID-z8qf-cqwg-zkan

vulnerability	VCID-zwsv-4q8h-x3e7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6

url pkg:composer/magento/community-edition@2.4.7

purl pkg:composer/magento/community-edition@2.4.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-11ed-qtc7-bqbg

vulnerability	VCID-17xq-rhcp-z3hj

vulnerability	VCID-1wxk-rhfp-qqgp

vulnerability	VCID-1yj1-79jb-wyht

vulnerability	VCID-2495-ugn7-v7fk

vulnerability	VCID-27w8-khpp-c7hk

vulnerability	VCID-29fa-krur-qqbv

vulnerability	VCID-2eq5-hm5y-f3f4

vulnerability	VCID-3hcd-r9gs-cfgh

vulnerability	VCID-3tpy-wktb-wqdj

vulnerability	VCID-3v4v-ysx5-77gs

vulnerability	VCID-4w8w-6563-3kfb

vulnerability	VCID-5bn1-w5sa-ubft

vulnerability	VCID-5du3-fvj3-87h7

vulnerability	VCID-5tkb-ngcw-t7ap

vulnerability	VCID-6g84-aswq-5kfb

vulnerability	VCID-6mxj-tzme-zyhb

vulnerability	VCID-6srg-smmw-hycj

vulnerability	VCID-7dzy-1fxw-xfes

vulnerability	VCID-94sc-9fyk-2uay

vulnerability	VCID-96gx-zvab-yyhe

vulnerability	VCID-9gte-ub5c-mqas

vulnerability	VCID-a2mn-k8qn-j7c9

vulnerability	VCID-ctr3-kt63-hybf

vulnerability	VCID-d372-f5hu-1bhr

vulnerability	VCID-d6u8-dhmd-x3ed

vulnerability	VCID-enwr-t7r8-xyge

vulnerability	VCID-euam-6b48-suhg

vulnerability	VCID-f5jj-23tj-wkbu

vulnerability	VCID-f6vc-8z9a-cqej

vulnerability	VCID-ft2p-3a61-wudj

vulnerability	VCID-gf2z-99wt-3qcg

vulnerability	VCID-gkb3-ddu2-qyg6

vulnerability	VCID-hbre-ty72-g7gy

vulnerability	VCID-hcbc-9c78-yye6

vulnerability	VCID-jbs3-xb4d-j3gz

vulnerability	VCID-jede-wz7z-2ugt

vulnerability	VCID-jehy-k235-4ua9

vulnerability	VCID-jg5k-6vqh-57ey

vulnerability	VCID-k55s-dcep-mbbk

vulnerability	VCID-kumb-xzbe-5fb3

vulnerability	VCID-mgxx-zdm4-9fe7

vulnerability	VCID-ntcr-n7fp-j3ab

vulnerability	VCID-qxz4-rh86-cfcu

vulnerability	VCID-rgfy-hqz1-zyb4

vulnerability	VCID-rv3b-5ja1-dkdv

vulnerability	VCID-t1ba-h3yd-yydc

vulnerability	VCID-tk7j-4vsm-e7c6

vulnerability	VCID-tn7z-sztq-hbax

vulnerability	VCID-u3gt-rhgh-p7ax

vulnerability	VCID-v7ru-7kga-2bet

vulnerability	VCID-vthq-tuqs-5fg9

vulnerability	VCID-vvzs-mjes-e3eq

vulnerability	VCID-xde9-dz52-1fgp

vulnerability	VCID-xm9z-aqhf-uqft

vulnerability	VCID-y9ew-ydqv-4kbf

vulnerability	VCID-ypqs-5ju2-hkcz

vulnerability	VCID-z8qf-cqwg-zkan

vulnerability	VCID-zwsv-4q8h-x3e7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-34102

reference_id

reference_type

scores

value	0.94149
scoring_system	epss
scoring_elements	0.99919
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-34102

reference_url

https://github.com/magento/magento2

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/magento/magento2

reference_url

https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799

reference_url

https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2

reference_url

https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c

reference_url

https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482#diff-84a0773a6287fbbaadf3b9103f4a137fc0b6946de2437ddfd6f60a0722cf8d23

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482#diff-84a0773a6287fbbaadf3b9103f4a137fc0b6946de2437ddfd6f60a0722cf8d23

reference_url

https://helpx.adobe.com/security/products/magento/apsb24-40.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-07-18T03:55:19Z/

url

https://helpx.adobe.com/security/products/magento/apsb24-40.html

reference_url

https://www.vicarius.io/vsociety/posts/cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-07-18T03:55:19Z/

url

https://www.vicarius.io/vsociety/posts/cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-34102

reference_id

CVE-2024-34102

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-34102

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2024-34102.yaml

reference_id

CVE-2024-34102.YAML

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2024-34102.yaml

reference_url

https://github.com/advisories/GHSA-m8cj-3v68-3cxj

reference_id

GHSA-m8cj-3v68-3cxj

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m8cj-3v68-3cxj

Weaknesses

cwe_id	611
name	Improper Restriction of XML External Entity Reference
description	The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

Exploits

date_added	2024-07-17
description	Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution.
required_action	Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
due_date	2024-08-07
notes	https://helpx.adobe.com/security/products/magento/apsb24-40.html; https://nvd.nist.gov/vuln/detail/CVE-2024-34102
known_ransomware_campaign_use	`false`
source_date_published	`null`
exploit_type	`null`
platform	`null`
source_date_updated	`null`
data_source	KEV
source_url	`null`

date_added	`null`
description	This combination of an Arbitrary File Read (CVE-2024-34102) and a Buffer Overflow in glibc (CVE-2024-2961) allows for unauthenticated Remote Code Execution on the following versions of Magento and Adobe Commerce and earlier if the PHP and glibc versions are also vulnerable: - 2.4.7 and earlier - 2.4.6-p5 and earlier - 2.4.5-p7 and earlier - 2.4.4-p8 and earlier Vulnerable PHP versions: - From PHP 7.0.0 (2015) to 8.3.7 (2024) Vulnerable iconv() function in the GNU C Library: - 2.39 and earlier The exploit chain is quite interesting and for more detailed information check out the references. The tl;dr being: CVE-2024-34102 is an XML External Entity vulnerability leveraging PHP filters to read arbitrary files from the target system. The exploit chain uses this to read /proc/self/maps, providing the address of PHP's heap and the libc's filename. The libc is then downloaded, and the offsets of libc_malloc, libc_system and libc_realloc are extracted, and made use of later in the chain. With this information and expert knowledge of PHP's heap (chunks, free lists, buckets, bucket brigades), CVE-2024-2961 can be exploited. A long chain of PHP filters is constructed and sent in the same way the XXE is exploited, building a payload in memory and using the buffer overflow to execute it, resulting in an unauthenticated RCE.
required_action	`null`
due_date	`null`
notes	Stability: - crash-safe SideEffects: - artifacts-on-disk - ioc-in-logs Reliability: - repeatable-session
known_ransomware_campaign_use	`false`
source_date_published	2024-07-26
exploit_type	`null`
platform	Linux,Unix
source_date_updated	`null`
data_source	Metasploit
source_url	https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/http/magento_xxe_to_glibc_buf_overflow.rb

Severity_range_score 9.0 - 10.0

Exploitability 2.0

Weighted_severity 9.0

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z8qf-cqwg-zkan

Vulnerability Instance