{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/255635?format=json","vulnerability_id":"VCID-z8qf-cqwg-zkan","summary":"","aliases":[{"alias":"CVE-2024-34102"},{"alias":"GHSA-m8cj-3v68-3cxj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81755?format=json","purl":"pkg:composer/magento/community-edition@2.4.4-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/81754?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8"},{"url":"http://public2.vulnerablecode.io/api/packages/81756?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63234?format=json","purl":"pkg:composer/magento/community-edition@2.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11ed-qtc7-bqbg"},{"vulnerability":"VCID-16x4-fjuv-hbc4"},{"vulnerability":"VCID-17xq-rhcp-z3hj"},{"vulnerability":"VCID-1wxk-rhfp-qqgp"},{"vulnerability":"VCID-1xvu-3fjk-t7ay"},{"vulnerability":"VCID-1yj1-79jb-wyht"},{"vulnerability":"VCID-1yr5-8e84-cyf5"},{"vulnerability":"VCID-27w8-khpp-c7hk"},{"vulnerability":"VCID-29fa-krur-qqbv"},{"vulnerability":"VCID-2eq5-hm5y-f3f4"},{"vulnerability":"VCID-2gjv-y49y-4yh7"},{"vulnerability":"VCID-389t-bp5k-yqbw"},{"vulnerability":"VCID-3d83-1r55-uqfb"},{"vulnerability":"VCID-3hcd-r9gs-cfgh"},{"vulnerability":"VCID-3tpy-wktb-wqdj"},{"vulnerability":"VCID-3v4v-ysx5-77gs"},{"vulnerability":"VCID-4rga-e18t-myh6"},{"vulnerability":"VCID-4w8w-6563-3kfb"},{"vulnerability":"VCID-5bn1-w5sa-ubft"},{"vulnerability":"VCID-5du3-fvj3-87h7"},{"vulnerability":"VCID-5tkb-ngcw-t7ap"},{"vulnerability":"VCID-6g84-aswq-5kfb"},{"vulnerability":"VCID-6gue-nxx5-u3h6"},{"vulnerability":"VCID-6mxj-tzme-zyhb"},{"vulnerability":"VCID-6srg-smmw-hycj"},{"vulnerability":"VCID-7dzy-1fxw-xfes"},{"vulnerability":"VCID-86h6-jwyx-8yf2"},{"vulnerability":"VCID-8kar-95vh-ube3"},{"vulnerability":"VCID-8wm3-xqbd-zqf5"},{"vulnerability":"VCID-94sc-9fyk-2uay"},{"vulnerability":"VCID-96gx-zvab-yyhe"},{"vulnerability":"VCID-9u6k-hbxd-8bds"},{"vulnerability":"VCID-9v4c-gauv-wyh2"},{"vulnerability":"VCID-a2mn-k8qn-j7c9"},{"vulnerability":"VCID-b6wy-nzzg-k3em"},{"vulnerability":"VCID-bm3p-s43s-uuce"},{"vulnerability":"VCID-c7rf-4ky3-tyev"},{"vulnerability":"VCID-ca94-mqq1-jyaz"},{"vulnerability":"VCID-cd1x-g9b4-6ufh"},{"vulnerability":"VCID-ctr3-kt63-hybf"},{"vulnerability":"VCID-d6u8-dhmd-x3ed"},{"vulnerability":"VCID-de3q-b1v4-bybu"},{"vulnerability":"VCID-enwr-t7r8-xyge"},{"vulnerability":"VCID-eu82-bgnu-rue2"},{"vulnerability":"VCID-euam-6b48-suhg"},{"vulnerability":"VCID-f5jj-23tj-wkbu"},{"vulnerability":"VCID-f6vc-8z9a-cqej"},{"vulnerability":"VCID-ft2p-3a61-wudj"},{"vulnerability":"VCID-gf2z-99wt-3qcg"},{"vulnerability":"VCID-gkb3-ddu2-qyg6"},{"vulnerability":"VCID-hcbc-9c78-yye6"},{"vulnerability":"VCID-hwb9-yxzn-zub5"},{"vulnerability":"VCID-jbs3-xb4d-j3gz"},{"vulnerability":"VCID-jede-wz7z-2ugt"},{"vulnerability":"VCID-jehy-k235-4ua9"},{"vulnerability":"VCID-jew7-2yd7-8ffp"},{"vulnerability":"VCID-jg5k-6vqh-57ey"},{"vulnerability":"VCID-k55s-dcep-mbbk"},{"vulnerability":"VCID-kj9m-ccf8-gyep"},{"vulnerability":"VCID-kumb-xzbe-5fb3"},{"vulnerability":"VCID-mgnu-rgqb-h7cw"},{"vulnerability":"VCID-mgxx-zdm4-9fe7"},{"vulnerability":"VCID-ntcr-n7fp-j3ab"},{"vulnerability":"VCID-pqpk-dh2p-4yc8"},{"vulnerability":"VCID-qxz4-rh86-cfcu"},{"vulnerability":"VCID-rgfy-hqz1-zyb4"},{"vulnerability":"VCID-rmqf-8w57-uydk"},{"vulnerability":"VCID-rv3b-5ja1-dkdv"},{"vulnerability":"VCID-snxt-bv9t-nbdu"},{"vulnerability":"VCID-t1ba-h3yd-yydc"},{"vulnerability":"VCID-t2pj-rv3r-7fda"},{"vulnerability":"VCID-tn7z-sztq-hbax"},{"vulnerability":"VCID-trys-a3eq-y7fb"},{"vulnerability":"VCID-u3gt-rhgh-p7ax"},{"vulnerability":"VCID-ub5g-fuqv-xqej"},{"vulnerability":"VCID-ueg1-1xj3-aqcq"},{"vulnerability":"VCID-umy7-aq5d-vfhj"},{"vulnerability":"VCID-v7ru-7kga-2bet"},{"vulnerability":"VCID-vt4j-zfwn-m3cd"},{"vulnerability":"VCID-vthq-tuqs-5fg9"},{"vulnerability":"VCID-vvzs-mjes-e3eq"},{"vulnerability":"VCID-whzv-vgev-rqd4"},{"vulnerability":"VCID-wv9y-3kyz-hbgq"},{"vulnerability":"VCID-xde9-dz52-1fgp"},{"vulnerability":"VCID-xhej-jypg-7fah"},{"vulnerability":"VCID-xm9z-aqhf-uqft"},{"vulnerability":"VCID-y9ew-ydqv-4kbf"},{"vulnerability":"VCID-ypqs-5ju2-hkcz"},{"vulnerability":"VCID-z5sv-b3wm-rqbe"},{"vulnerability":"VCID-z7g7-sbje-bbev"},{"vulnerability":"VCID-z8qf-cqwg-zkan"},{"vulnerability":"VCID-zjmz-qn1y-n3d9"},{"vulnerability":"VCID-zndr-m4hp-gue2"},{"vulnerability":"VCID-zwsv-4q8h-x3e7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4"},{"url":"http://public2.vulnerablecode.io/api/packages/63235?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11ed-qtc7-bqbg"},{"vulnerability":"VCID-16x4-fjuv-hbc4"},{"vulnerability":"VCID-17xq-rhcp-z3hj"},{"vulnerability":"VCID-1wxk-rhfp-qqgp"},{"vulnerability":"VCID-1xvu-3fjk-t7ay"},{"vulnerability":"VCID-1yj1-79jb-wyht"},{"vulnerability":"VCID-1yr5-8e84-cyf5"},{"vulnerability":"VCID-27w8-khpp-c7hk"},{"vulnerability":"VCID-29fa-krur-qqbv"},{"vulnerability":"VCID-2eq5-hm5y-f3f4"},{"vulnerability":"VCID-2gjv-y49y-4yh7"},{"vulnerability":"VCID-389t-bp5k-yqbw"},{"vulnerability":"VCID-3d83-1r55-uqfb"},{"vulnerability":"VCID-3hcd-r9gs-cfgh"},{"vulnerability":"VCID-3tpy-wktb-wqdj"},{"vulnerability":"VCID-3v4v-ysx5-77gs"},{"vulnerability":"VCID-4rga-e18t-myh6"},{"vulnerability":"VCID-4w8w-6563-3kfb"},{"vulnerability":"VCID-5bn1-w5sa-ubft"},{"vulnerability":"VCID-5du3-fvj3-87h7"},{"vulnerability":"VCID-5tkb-ngcw-t7ap"},{"vulnerability":"VCID-6g84-aswq-5kfb"},{"vulnerability":"VCID-6gue-nxx5-u3h6"},{"vulnerability":"VCID-6mxj-tzme-zyhb"},{"vulnerability":"VCID-6srg-smmw-hycj"},{"vulnerability":"VCID-7dzy-1fxw-xfes"},{"vulnerability":"VCID-8wm3-xqbd-zqf5"},{"vulnerability":"VCID-94sc-9fyk-2uay"},{"vulnerability":"VCID-96gx-zvab-yyhe"},{"vulnerability":"VCID-9u6k-hbxd-8bds"},{"vulnerability":"VCID-9v4c-gauv-wyh2"},{"vulnerability":"VCID-a2mn-k8qn-j7c9"},{"vulnerability":"VCID-b6wy-nzzg-k3em"},{"vulnerability":"VCID-bm3p-s43s-uuce"},{"vulnerability":"VCID-c7rf-4ky3-tyev"},{"vulnerability":"VCID-ca94-mqq1-jyaz"},{"vulnerability":"VCID-ctr3-kt63-hybf"},{"vulnerability":"VCID-d6u8-dhmd-x3ed"},{"vulnerability":"VCID-de3q-b1v4-bybu"},{"vulnerability":"VCID-enwr-t7r8-xyge"},{"vulnerability":"VCID-eu82-bgnu-rue2"},{"vulnerability":"VCID-euam-6b48-suhg"},{"vulnerability":"VCID-f5jj-23tj-wkbu"},{"vulnerability":"VCID-f6vc-8z9a-cqej"},{"vulnerability":"VCID-ft2p-3a61-wudj"},{"vulnerability":"VCID-gf2z-99wt-3qcg"},{"vulnerability":"VCID-gkb3-ddu2-qyg6"},{"vulnerability":"VCID-hcbc-9c78-yye6"},{"vulnerability":"VCID-hwb9-yxzn-zub5"},{"vulnerability":"VCID-jbs3-xb4d-j3gz"},{"vulnerability":"VCID-jede-wz7z-2ugt"},{"vulnerability":"VCID-jehy-k235-4ua9"},{"vulnerability":"VCID-jg5k-6vqh-57ey"},{"vulnerability":"VCID-k55s-dcep-mbbk"},{"vulnerability":"VCID-kj9m-ccf8-gyep"},{"vulnerability":"VCID-kumb-xzbe-5fb3"},{"vulnerability":"VCID-mgxx-zdm4-9fe7"},{"vulnerability":"VCID-ntcr-n7fp-j3ab"},{"vulnerability":"VCID-pqpk-dh2p-4yc8"},{"vulnerability":"VCID-qxz4-rh86-cfcu"},{"vulnerability":"VCID-rgfy-hqz1-zyb4"},{"vulnerability":"VCID-rmqf-8w57-uydk"},{"vulnerability":"VCID-rv3b-5ja1-dkdv"},{"vulnerability":"VCID-t1ba-h3yd-yydc"},{"vulnerability":"VCID-tn7z-sztq-hbax"},{"vulnerability":"VCID-u3gt-rhgh-p7ax"},{"vulnerability":"VCID-ub5g-fuqv-xqej"},{"vulnerability":"VCID-ueg1-1xj3-aqcq"},{"vulnerability":"VCID-umy7-aq5d-vfhj"},{"vulnerability":"VCID-v7ru-7kga-2bet"},{"vulnerability":"VCID-vt4j-zfwn-m3cd"},{"vulnerability":"VCID-vthq-tuqs-5fg9"},{"vulnerability":"VCID-vvzs-mjes-e3eq"},{"vulnerability":"VCID-whzv-vgev-rqd4"},{"vulnerability":"VCID-wv9y-3kyz-hbgq"},{"vulnerability":"VCID-xde9-dz52-1fgp"},{"vulnerability":"VCID-xhej-jypg-7fah"},{"vulnerability":"VCID-xm9z-aqhf-uqft"},{"vulnerability":"VCID-y9ew-ydqv-4kbf"},{"vulnerability":"VCID-ypqs-5ju2-hkcz"},{"vulnerability":"VCID-z8qf-cqwg-zkan"},{"vulnerability":"VCID-zndr-m4hp-gue2"},{"vulnerability":"VCID-zwsv-4q8h-x3e7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p1"},{"url":"http://public2.vulnerablecode.io/api/packages/63236?format=json","purl":"pkg:composer/magento/community-edition@2.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11ed-qtc7-bqbg"},{"vulnerability":"VCID-16x4-fjuv-hbc4"},{"vulnerability":"VCID-17xq-rhcp-z3hj"},{"vulnerability":"VCID-1wxk-rhfp-qqgp"},{"vulnerability":"VCID-1xvu-3fjk-t7ay"},{"vulnerability":"VCID-1yj1-79jb-wyht"},{"vulnerability":"VCID-1yr5-8e84-cyf5"},{"vulnerability":"VCID-27w8-khpp-c7hk"},{"vulnerability":"VCID-29fa-krur-qqbv"},{"vulnerability":"VCID-2eq5-hm5y-f3f4"},{"vulnerability":"VCID-2gjv-y49y-4yh7"},{"vulnerability":"VCID-389t-bp5k-yqbw"},{"vulnerability":"VCID-3d83-1r55-uqfb"},{"vulnerability":"VCID-3hcd-r9gs-cfgh"},{"vulnerability":"VCID-3tpy-wktb-wqdj"},{"vulnerability":"VCID-3v4v-ysx5-77gs"},{"vulnerability":"VCID-4rga-e18t-myh6"},{"vulnerability":"VCID-4w8w-6563-3kfb"},{"vulnerability":"VCID-5bn1-w5sa-ubft"},{"vulnerability":"VCID-5du3-fvj3-87h7"},{"vulnerability":"VCID-5tkb-ngcw-t7ap"},{"vulnerability":"VCID-6g84-aswq-5kfb"},{"vulnerability":"VCID-6gue-nxx5-u3h6"},{"vulnerability":"VCID-6mxj-tzme-zyhb"},{"vulnerability":"VCID-6srg-smmw-hycj"},{"vulnerability":"VCID-7dzy-1fxw-xfes"},{"vulnerability":"VCID-8wm3-xqbd-zqf5"},{"vulnerability":"VCID-94sc-9fyk-2uay"},{"vulnerability":"VCID-96gx-zvab-yyhe"},{"vulnerability":"VCID-9u6k-hbxd-8bds"},{"vulnerability":"VCID-9v4c-gauv-wyh2"},{"vulnerability":"VCID-a2mn-k8qn-j7c9"},{"vulnerability":"VCID-b6wy-nzzg-k3em"},{"vulnerability":"VCID-bm3p-s43s-uuce"},{"vulnerability":"VCID-c7rf-4ky3-tyev"},{"vulnerability":"VCID-ca94-mqq1-jyaz"},{"vulnerability":"VCID-ctr3-kt63-hybf"},{"vulnerability":"VCID-d6u8-dhmd-x3ed"},{"vulnerability":"VCID-de3q-b1v4-bybu"},{"vulnerability":"VCID-enwr-t7r8-xyge"},{"vulnerability":"VCID-eu82-bgnu-rue2"},{"vulnerability":"VCID-euam-6b48-suhg"},{"vulnerability":"VCID-f5jj-23tj-wkbu"},{"vulnerability":"VCID-f6vc-8z9a-cqej"},{"vulnerability":"VCID-ft2p-3a61-wudj"},{"vulnerability":"VCID-gf2z-99wt-3qcg"},{"vulnerability":"VCID-gkb3-ddu2-qyg6"},{"vulnerability":"VCID-hcbc-9c78-yye6"},{"vulnerability":"VCID-hwb9-yxzn-zub5"},{"vulnerability":"VCID-jbs3-xb4d-j3gz"},{"vulnerability":"VCID-jede-wz7z-2ugt"},{"vulnerability":"VCID-jehy-k235-4ua9"},{"vulnerability":"VCID-jew7-2yd7-8ffp"},{"vulnerability":"VCID-jg5k-6vqh-57ey"},{"vulnerability":"VCID-k55s-dcep-mbbk"},{"vulnerability":"VCID-kj9m-ccf8-gyep"},{"vulnerability":"VCID-kumb-xzbe-5fb3"},{"vulnerability":"VCID-mgnu-rgqb-h7cw"},{"vulnerability":"VCID-mgxx-zdm4-9fe7"},{"vulnerability":"VCID-ntcr-n7fp-j3ab"},{"vulnerability":"VCID-pqpk-dh2p-4yc8"},{"vulnerability":"VCID-qxz4-rh86-cfcu"},{"vulnerability":"VCID-rgfy-hqz1-zyb4"},{"vulnerability":"VCID-rmqf-8w57-uydk"},{"vulnerability":"VCID-rv3b-5ja1-dkdv"},{"vulnerability":"VCID-t1ba-h3yd-yydc"},{"vulnerability":"VCID-tn7z-sztq-hbax"},{"vulnerability":"VCID-u3gt-rhgh-p7ax"},{"vulnerability":"VCID-ub5g-fuqv-xqej"},{"vulnerability":"VCID-ueg1-1xj3-aqcq"},{"vulnerability":"VCID-umy7-aq5d-vfhj"},{"vulnerability":"VCID-v7ru-7kga-2bet"},{"vulnerability":"VCID-vt4j-zfwn-m3cd"},{"vulnerability":"VCID-vthq-tuqs-5fg9"},{"vulnerability":"VCID-vvzs-mjes-e3eq"},{"vulnerability":"VCID-whzv-vgev-rqd4"},{"vulnerability":"VCID-wv9y-3kyz-hbgq"},{"vulnerability":"VCID-xde9-dz52-1fgp"},{"vulnerability":"VCID-xhej-jypg-7fah"},{"vulnerability":"VCID-xm9z-aqhf-uqft"},{"vulnerability":"VCID-y9ew-ydqv-4kbf"},{"vulnerability":"VCID-ypqs-5ju2-hkcz"},{"vulnerability":"VCID-z8qf-cqwg-zkan"},{"vulnerability":"VCID-zndr-m4hp-gue2"},{"vulnerability":"VCID-zwsv-4q8h-x3e7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5"},{"url":"http://public2.vulnerablecode.io/api/packages/65312?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11ed-qtc7-bqbg"},{"vulnerability":"VCID-16x4-fjuv-hbc4"},{"vulnerability":"VCID-17xq-rhcp-z3hj"},{"vulnerability":"VCID-1wxk-rhfp-qqgp"},{"vulnerability":"VCID-1yj1-79jb-wyht"},{"vulnerability":"VCID-1yr5-8e84-cyf5"},{"vulnerability":"VCID-27w8-khpp-c7hk"},{"vulnerability":"VCID-29fa-krur-qqbv"},{"vulnerability":"VCID-2eq5-hm5y-f3f4"},{"vulnerability":"VCID-3d83-1r55-uqfb"},{"vulnerability":"VCID-3hcd-r9gs-cfgh"},{"vulnerability":"VCID-3tpy-wktb-wqdj"},{"vulnerability":"VCID-3v4v-ysx5-77gs"},{"vulnerability":"VCID-4w8w-6563-3kfb"},{"vulnerability":"VCID-5bn1-w5sa-ubft"},{"vulnerability":"VCID-5du3-fvj3-87h7"},{"vulnerability":"VCID-5tkb-ngcw-t7ap"},{"vulnerability":"VCID-6g84-aswq-5kfb"},{"vulnerability":"VCID-6mxj-tzme-zyhb"},{"vulnerability":"VCID-6srg-smmw-hycj"},{"vulnerability":"VCID-7dzy-1fxw-xfes"},{"vulnerability":"VCID-94sc-9fyk-2uay"},{"vulnerability":"VCID-96gx-zvab-yyhe"},{"vulnerability":"VCID-a2mn-k8qn-j7c9"},{"vulnerability":"VCID-bm3p-s43s-uuce"},{"vulnerability":"VCID-c7rf-4ky3-tyev"},{"vulnerability":"VCID-ca94-mqq1-jyaz"},{"vulnerability":"VCID-ctr3-kt63-hybf"},{"vulnerability":"VCID-d6u8-dhmd-x3ed"},{"vulnerability":"VCID-enwr-t7r8-xyge"},{"vulnerability":"VCID-eu82-bgnu-rue2"},{"vulnerability":"VCID-euam-6b48-suhg"},{"vulnerability":"VCID-f5jj-23tj-wkbu"},{"vulnerability":"VCID-f6vc-8z9a-cqej"},{"vulnerability":"VCID-ft2p-3a61-wudj"},{"vulnerability":"VCID-gf2z-99wt-3qcg"},{"vulnerability":"VCID-gkb3-ddu2-qyg6"},{"vulnerability":"VCID-hcbc-9c78-yye6"},{"vulnerability":"VCID-hwb9-yxzn-zub5"},{"vulnerability":"VCID-jbs3-xb4d-j3gz"},{"vulnerability":"VCID-jede-wz7z-2ugt"},{"vulnerability":"VCID-jehy-k235-4ua9"},{"vulnerability":"VCID-jg5k-6vqh-57ey"},{"vulnerability":"VCID-k55s-dcep-mbbk"},{"vulnerability":"VCID-kumb-xzbe-5fb3"},{"vulnerability":"VCID-mgxx-zdm4-9fe7"},{"vulnerability":"VCID-ntcr-n7fp-j3ab"},{"vulnerability":"VCID-pqpk-dh2p-4yc8"},{"vulnerability":"VCID-qxz4-rh86-cfcu"},{"vulnerability":"VCID-rgfy-hqz1-zyb4"},{"vulnerability":"VCID-rmqf-8w57-uydk"},{"vulnerability":"VCID-rv3b-5ja1-dkdv"},{"vulnerability":"VCID-t1ba-h3yd-yydc"},{"vulnerability":"VCID-tn7z-sztq-hbax"},{"vulnerability":"VCID-u3gt-rhgh-p7ax"},{"vulnerability":"VCID-ueg1-1xj3-aqcq"},{"vulnerability":"VCID-v7ru-7kga-2bet"},{"vulnerability":"VCID-vt4j-zfwn-m3cd"},{"vulnerability":"VCID-vthq-tuqs-5fg9"},{"vulnerability":"VCID-vvzs-mjes-e3eq"},{"vulnerability":"VCID-whzv-vgev-rqd4"},{"vulnerability":"VCID-xde9-dz52-1fgp"},{"vulnerability":"VCID-xm9z-aqhf-uqft"},{"vulnerability":"VCID-y9ew-ydqv-4kbf"},{"vulnerability":"VCID-ypqs-5ju2-hkcz"},{"vulnerability":"VCID-z8qf-cqwg-zkan"},{"vulnerability":"VCID-zwsv-4q8h-x3e7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p1"},{"url":"http://public2.vulnerablecode.io/api/packages/64387?format=json","purl":"pkg:composer/magento/community-edition@2.4.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11ed-qtc7-bqbg"},{"vulnerability":"VCID-16x4-fjuv-hbc4"},{"vulnerability":"VCID-17xq-rhcp-z3hj"},{"vulnerability":"VCID-1wxk-rhfp-qqgp"},{"vulnerability":"VCID-1xvu-3fjk-t7ay"},{"vulnerability":"VCID-1yj1-79jb-wyht"},{"vulnerability":"VCID-1yr5-8e84-cyf5"},{"vulnerability":"VCID-2495-ugn7-v7fk"},{"vulnerability":"VCID-27w8-khpp-c7hk"},{"vulnerability":"VCID-29fa-krur-qqbv"},{"vulnerability":"VCID-2eq5-hm5y-f3f4"},{"vulnerability":"VCID-389t-bp5k-yqbw"},{"vulnerability":"VCID-3d83-1r55-uqfb"},{"vulnerability":"VCID-3hcd-r9gs-cfgh"},{"vulnerability":"VCID-3tpy-wktb-wqdj"},{"vulnerability":"VCID-3v4v-ysx5-77gs"},{"vulnerability":"VCID-4rga-e18t-myh6"},{"vulnerability":"VCID-4w8w-6563-3kfb"},{"vulnerability":"VCID-5bn1-w5sa-ubft"},{"vulnerability":"VCID-5du3-fvj3-87h7"},{"vulnerability":"VCID-5tkb-ngcw-t7ap"},{"vulnerability":"VCID-6g84-aswq-5kfb"},{"vulnerability":"VCID-6gue-nxx5-u3h6"},{"vulnerability":"VCID-6mxj-tzme-zyhb"},{"vulnerability":"VCID-6srg-smmw-hycj"},{"vulnerability":"VCID-7dzy-1fxw-xfes"},{"vulnerability":"VCID-8wm3-xqbd-zqf5"},{"vulnerability":"VCID-94sc-9fyk-2uay"},{"vulnerability":"VCID-96gx-zvab-yyhe"},{"vulnerability":"VCID-9gte-ub5c-mqas"},{"vulnerability":"VCID-9u6k-hbxd-8bds"},{"vulnerability":"VCID-9v4c-gauv-wyh2"},{"vulnerability":"VCID-a2mn-k8qn-j7c9"},{"vulnerability":"VCID-b6wy-nzzg-k3em"},{"vulnerability":"VCID-bm3p-s43s-uuce"},{"vulnerability":"VCID-c7rf-4ky3-tyev"},{"vulnerability":"VCID-ca94-mqq1-jyaz"},{"vulnerability":"VCID-ctr3-kt63-hybf"},{"vulnerability":"VCID-d372-f5hu-1bhr"},{"vulnerability":"VCID-d6u8-dhmd-x3ed"},{"vulnerability":"VCID-de3q-b1v4-bybu"},{"vulnerability":"VCID-enwr-t7r8-xyge"},{"vulnerability":"VCID-eu82-bgnu-rue2"},{"vulnerability":"VCID-euam-6b48-suhg"},{"vulnerability":"VCID-f5jj-23tj-wkbu"},{"vulnerability":"VCID-f6vc-8z9a-cqej"},{"vulnerability":"VCID-ft2p-3a61-wudj"},{"vulnerability":"VCID-gf2z-99wt-3qcg"},{"vulnerability":"VCID-gkb3-ddu2-qyg6"},{"vulnerability":"VCID-hbre-ty72-g7gy"},{"vulnerability":"VCID-hcbc-9c78-yye6"},{"vulnerability":"VCID-hwb9-yxzn-zub5"},{"vulnerability":"VCID-jbs3-xb4d-j3gz"},{"vulnerability":"VCID-jede-wz7z-2ugt"},{"vulnerability":"VCID-jehy-k235-4ua9"},{"vulnerability":"VCID-jg5k-6vqh-57ey"},{"vulnerability":"VCID-k55s-dcep-mbbk"},{"vulnerability":"VCID-kj9m-ccf8-gyep"},{"vulnerability":"VCID-kumb-xzbe-5fb3"},{"vulnerability":"VCID-mgxx-zdm4-9fe7"},{"vulnerability":"VCID-ntcr-n7fp-j3ab"},{"vulnerability":"VCID-pqpk-dh2p-4yc8"},{"vulnerability":"VCID-qxz4-rh86-cfcu"},{"vulnerability":"VCID-rgfy-hqz1-zyb4"},{"vulnerability":"VCID-rmqf-8w57-uydk"},{"vulnerability":"VCID-rv3b-5ja1-dkdv"},{"vulnerability":"VCID-t1ba-h3yd-yydc"},{"vulnerability":"VCID-tk7j-4vsm-e7c6"},{"vulnerability":"VCID-tn7z-sztq-hbax"},{"vulnerability":"VCID-u3gt-rhgh-p7ax"},{"vulnerability":"VCID-ub5g-fuqv-xqej"},{"vulnerability":"VCID-ueg1-1xj3-aqcq"},{"vulnerability":"VCID-v7ru-7kga-2bet"},{"vulnerability":"VCID-vt4j-zfwn-m3cd"},{"vulnerability":"VCID-vthq-tuqs-5fg9"},{"vulnerability":"VCID-vvzs-mjes-e3eq"},{"vulnerability":"VCID-whzv-vgev-rqd4"},{"vulnerability":"VCID-xde9-dz52-1fgp"},{"vulnerability":"VCID-xhej-jypg-7fah"},{"vulnerability":"VCID-xm9z-aqhf-uqft"},{"vulnerability":"VCID-y9ew-ydqv-4kbf"},{"vulnerability":"VCID-ypqs-5ju2-hkcz"},{"vulnerability":"VCID-z8qf-cqwg-zkan"},{"vulnerability":"VCID-zwsv-4q8h-x3e7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6"},{"url":"http://public2.vulnerablecode.io/api/packages/66132?format=json","purl":"pkg:composer/magento/community-edition@2.4.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11ed-qtc7-bqbg"},{"vulnerability":"VCID-17xq-rhcp-z3hj"},{"vulnerability":"VCID-1wxk-rhfp-qqgp"},{"vulnerability":"VCID-1yj1-79jb-wyht"},{"vulnerability":"VCID-2495-ugn7-v7fk"},{"vulnerability":"VCID-27w8-khpp-c7hk"},{"vulnerability":"VCID-29fa-krur-qqbv"},{"vulnerability":"VCID-2eq5-hm5y-f3f4"},{"vulnerability":"VCID-3hcd-r9gs-cfgh"},{"vulnerability":"VCID-3tpy-wktb-wqdj"},{"vulnerability":"VCID-3v4v-ysx5-77gs"},{"vulnerability":"VCID-4w8w-6563-3kfb"},{"vulnerability":"VCID-5bn1-w5sa-ubft"},{"vulnerability":"VCID-5du3-fvj3-87h7"},{"vulnerability":"VCID-5tkb-ngcw-t7ap"},{"vulnerability":"VCID-6g84-aswq-5kfb"},{"vulnerability":"VCID-6mxj-tzme-zyhb"},{"vulnerability":"VCID-6srg-smmw-hycj"},{"vulnerability":"VCID-7dzy-1fxw-xfes"},{"vulnerability":"VCID-94sc-9fyk-2uay"},{"vulnerability":"VCID-96gx-zvab-yyhe"},{"vulnerability":"VCID-9gte-ub5c-mqas"},{"vulnerability":"VCID-a2mn-k8qn-j7c9"},{"vulnerability":"VCID-ctr3-kt63-hybf"},{"vulnerability":"VCID-d372-f5hu-1bhr"},{"vulnerability":"VCID-d6u8-dhmd-x3ed"},{"vulnerability":"VCID-enwr-t7r8-xyge"},{"vulnerability":"VCID-euam-6b48-suhg"},{"vulnerability":"VCID-f5jj-23tj-wkbu"},{"vulnerability":"VCID-f6vc-8z9a-cqej"},{"vulnerability":"VCID-ft2p-3a61-wudj"},{"vulnerability":"VCID-gf2z-99wt-3qcg"},{"vulnerability":"VCID-gkb3-ddu2-qyg6"},{"vulnerability":"VCID-hbre-ty72-g7gy"},{"vulnerability":"VCID-hcbc-9c78-yye6"},{"vulnerability":"VCID-jbs3-xb4d-j3gz"},{"vulnerability":"VCID-jede-wz7z-2ugt"},{"vulnerability":"VCID-jehy-k235-4ua9"},{"vulnerability":"VCID-jg5k-6vqh-57ey"},{"vulnerability":"VCID-k55s-dcep-mbbk"},{"vulnerability":"VCID-kumb-xzbe-5fb3"},{"vulnerability":"VCID-mgxx-zdm4-9fe7"},{"vulnerability":"VCID-ntcr-n7fp-j3ab"},{"vulnerability":"VCID-qxz4-rh86-cfcu"},{"vulnerability":"VCID-rgfy-hqz1-zyb4"},{"vulnerability":"VCID-rv3b-5ja1-dkdv"},{"vulnerability":"VCID-t1ba-h3yd-yydc"},{"vulnerability":"VCID-tk7j-4vsm-e7c6"},{"vulnerability":"VCID-tn7z-sztq-hbax"},{"vulnerability":"VCID-u3gt-rhgh-p7ax"},{"vulnerability":"VCID-v7ru-7kga-2bet"},{"vulnerability":"VCID-vthq-tuqs-5fg9"},{"vulnerability":"VCID-vvzs-mjes-e3eq"},{"vulnerability":"VCID-xde9-dz52-1fgp"},{"vulnerability":"VCID-xm9z-aqhf-uqft"},{"vulnerability":"VCID-y9ew-ydqv-4kbf"},{"vulnerability":"VCID-ypqs-5ju2-hkcz"},{"vulnerability":"VCID-z8qf-cqwg-zkan"},{"vulnerability":"VCID-zwsv-4q8h-x3e7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34102","reference_id":"","reference_type":"","scores":[{"value":"0.94149","scoring_system":"epss","scoring_elements":"0.99919","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34102"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799"},{"reference_url":"https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2"},{"reference_url":"https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c"},{"reference_url":"https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482#diff-84a0773a6287fbbaadf3b9103f4a137fc0b6946de2437ddfd6f60a0722cf8d23","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482#diff-84a0773a6287fbbaadf3b9103f4a137fc0b6946de2437ddfd6f60a0722cf8d23"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-40.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-07-18T03:55:19Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-40.html"},{"reference_url":"https://www.vicarius.io/vsociety/posts/cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-07-18T03:55:19Z/"}],"url":"https://www.vicarius.io/vsociety/posts/cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34102","reference_id":"CVE-2024-34102","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34102"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2024-34102.yaml","reference_id":"CVE-2024-34102.YAML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2024-34102.yaml"},{"reference_url":"https://github.com/advisories/GHSA-m8cj-3v68-3cxj","reference_id":"GHSA-m8cj-3v68-3cxj","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m8cj-3v68-3cxj"}],"weaknesses":[{"cwe_id":611,"name":"Improper Restriction of XML External Entity Reference","description":"The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output."}],"exploits":[{"date_added":"2024-07-17","description":"Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution.","required_action":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","due_date":"2024-08-07","notes":"https://helpx.adobe.com/security/products/magento/apsb24-40.html;  https://nvd.nist.gov/vuln/detail/CVE-2024-34102","known_ransomware_campaign_use":false,"source_date_published":null,"exploit_type":null,"platform":null,"source_date_updated":null,"data_source":"KEV","source_url":null},{"date_added":null,"description":"This combination of an Arbitrary File Read (CVE-2024-34102) and a Buffer Overflow in glibc (CVE-2024-2961)\n          allows for unauthenticated Remote Code Execution on the following versions of Magento and Adobe Commerce and\n          earlier if the PHP and glibc versions are also vulnerable:\n          - 2.4.7 and earlier\n          - 2.4.6-p5 and earlier\n          - 2.4.5-p7 and earlier\n          - 2.4.4-p8 and earlier\n\n          Vulnerable PHP versions:\n          - From PHP 7.0.0 (2015) to 8.3.7 (2024)\n\n          Vulnerable iconv() function in the GNU C Library:\n          - 2.39 and earlier\n\n          The exploit chain is quite interesting and for more detailed information check out the references. The tl;dr being:\n          CVE-2024-34102 is an XML External Entity vulnerability leveraging  PHP filters to read arbitrary files from the target\n          system. The exploit chain uses this to read /proc/self/maps, providing the address of PHP's heap and the libc's filename.\n          The libc is then downloaded, and the offsets of libc_malloc, libc_system and libc_realloc are extracted, and made use\n          of later in the chain.\n\n          With this information and expert knowledge of PHP's heap (chunks, free lists, buckets, bucket brigades), CVE-2024-2961\n          can be exploited. A long chain of PHP filters is constructed and sent in the same way the XXE is exploited, building a\n          payload in memory and using the buffer overflow to execute it, resulting in an unauthenticated RCE.","required_action":null,"due_date":null,"notes":"Stability:\n  - crash-safe\nSideEffects:\n  - artifacts-on-disk\n  - ioc-in-logs\nReliability:\n  - repeatable-session\n","known_ransomware_campaign_use":false,"source_date_published":"2024-07-26","exploit_type":null,"platform":"Linux,Unix","source_date_updated":null,"data_source":"Metasploit","source_url":"https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/http/magento_xxe_to_glibc_buf_overflow.rb"}],"severity_range_score":"9.0 - 10.0","exploitability":"2.0","weighted_severity":"9.0","risk_score":10.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z8qf-cqwg-zkan"}