Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-m83v-51cy-uqar

Summary

Magento Open Source allows Incorrect Authorization
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation.

Aliases

alias	CVE-2023-38218

alias	GHSA-rpc7-gf58-v3x2

Fixed_packages

url	pkg:composer/magento/community-edition@2.4.4-p6
purl	pkg:composer/magento/community-edition@2.4.4-p6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p6

url	pkg:composer/magento/community-edition@2.4.5-p5
purl	pkg:composer/magento/community-edition@2.4.5-p5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p5

url	pkg:composer/magento/community-edition@2.4.6-p3
purl	pkg:composer/magento/community-edition@2.4.6-p3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p3

url	pkg:composer/magento/community-edition@2.4.7-beta2
purl	pkg:composer/magento/community-edition@2.4.7-beta2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2

Affected_packages

url pkg:composer/magento/community-edition@2.4.4-p1

purl pkg:composer/magento/community-edition@2.4.4-p1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2h52-3pt6-dfcw

vulnerability	VCID-3et4-3zad-1qfn

vulnerability	VCID-525q-afzj-tkcp

vulnerability	VCID-7ewa-w75h-qfdy

vulnerability	VCID-7s7e-adr6-h3dc

vulnerability	VCID-az2w-5xhy-5fe4

vulnerability	VCID-b4jg-dj1a-9qd5

vulnerability	VCID-cgwk-hn4t-n7c1

vulnerability	VCID-d2ab-j8bf-e7dx

vulnerability	VCID-dx43-89w9-a7dg

vulnerability	VCID-fzam-yuyg-qyd5

vulnerability	VCID-hh8a-mgkk-3yb5

vulnerability	VCID-j124-q39m-mkby

vulnerability	VCID-j5vp-2jrx-ukf4

vulnerability	VCID-jhd5-tqph-3ufu

vulnerability	VCID-kxnm-y19k-mqg2

vulnerability	VCID-m83v-51cy-uqar

vulnerability	VCID-msac-ptqf-pyg1

vulnerability	VCID-mtr5-suag-2bdj

vulnerability	VCID-p222-28c1-vfhy

vulnerability	VCID-qfw5-3tdu-x7g4

vulnerability	VCID-r7nh-arcj-8fb3

vulnerability	VCID-rbjk-3gcs-2qb5

vulnerability	VCID-rf6p-ct86-5bgz

vulnerability	VCID-ruru-fwmn-5kes

vulnerability	VCID-s5e2-d6n8-kkbr

vulnerability	VCID-upcj-z3c1-ubcf

vulnerability	VCID-w3zd-fezc-nuhd

vulnerability	VCID-wjfe-wh5k-1qft

vulnerability	VCID-ws6y-k3tx-r3gb

vulnerability	VCID-x46d-a16g-nkg9

vulnerability	VCID-y4r1-yr69-uuf6

vulnerability	VCID-yuvf-e7hk-kqf9

vulnerability	VCID-zt9b-9sjx-7qb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p1

url pkg:composer/magento/community-edition@2.4.4

purl pkg:composer/magento/community-edition@2.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2h52-3pt6-dfcw

vulnerability	VCID-3et4-3zad-1qfn

vulnerability	VCID-525q-afzj-tkcp

vulnerability	VCID-7ewa-w75h-qfdy

vulnerability	VCID-7s7e-adr6-h3dc

vulnerability	VCID-az2w-5xhy-5fe4

vulnerability	VCID-b4jg-dj1a-9qd5

vulnerability	VCID-cgwk-hn4t-n7c1

vulnerability	VCID-d2ab-j8bf-e7dx

vulnerability	VCID-dx43-89w9-a7dg

vulnerability	VCID-fzam-yuyg-qyd5

vulnerability	VCID-hh8a-mgkk-3yb5

vulnerability	VCID-j124-q39m-mkby

vulnerability	VCID-j5vp-2jrx-ukf4

vulnerability	VCID-jhd5-tqph-3ufu

vulnerability	VCID-kxnm-y19k-mqg2

vulnerability	VCID-m83v-51cy-uqar

vulnerability	VCID-msac-ptqf-pyg1

vulnerability	VCID-mtr5-suag-2bdj

vulnerability	VCID-p222-28c1-vfhy

vulnerability	VCID-qfw5-3tdu-x7g4

vulnerability	VCID-r7nh-arcj-8fb3

vulnerability	VCID-rbjk-3gcs-2qb5

vulnerability	VCID-rf6p-ct86-5bgz

vulnerability	VCID-ruru-fwmn-5kes

vulnerability	VCID-s5e2-d6n8-kkbr

vulnerability	VCID-upcj-z3c1-ubcf

vulnerability	VCID-w3zd-fezc-nuhd

vulnerability	VCID-wjfe-wh5k-1qft

vulnerability	VCID-ws6y-k3tx-r3gb

vulnerability	VCID-x46d-a16g-nkg9

vulnerability	VCID-y4r1-yr69-uuf6

vulnerability	VCID-yuvf-e7hk-kqf9

vulnerability	VCID-zt9b-9sjx-7qb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4

url pkg:composer/magento/community-edition@2.4.5-p1

purl pkg:composer/magento/community-edition@2.4.5-p1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2h52-3pt6-dfcw

vulnerability	VCID-3et4-3zad-1qfn

vulnerability	VCID-525q-afzj-tkcp

vulnerability	VCID-7ewa-w75h-qfdy

vulnerability	VCID-7s7e-adr6-h3dc

vulnerability	VCID-az2w-5xhy-5fe4

vulnerability	VCID-b4jg-dj1a-9qd5

vulnerability	VCID-cgwk-hn4t-n7c1

vulnerability	VCID-d2ab-j8bf-e7dx

vulnerability	VCID-dx43-89w9-a7dg

vulnerability	VCID-fzam-yuyg-qyd5

vulnerability	VCID-hh8a-mgkk-3yb5

vulnerability	VCID-j124-q39m-mkby

vulnerability	VCID-j5vp-2jrx-ukf4

vulnerability	VCID-jhd5-tqph-3ufu

vulnerability	VCID-kxnm-y19k-mqg2

vulnerability	VCID-m83v-51cy-uqar

vulnerability	VCID-msac-ptqf-pyg1

vulnerability	VCID-mtr5-suag-2bdj

vulnerability	VCID-p222-28c1-vfhy

vulnerability	VCID-qfw5-3tdu-x7g4

vulnerability	VCID-r7nh-arcj-8fb3

vulnerability	VCID-rbjk-3gcs-2qb5

vulnerability	VCID-rf6p-ct86-5bgz

vulnerability	VCID-ruru-fwmn-5kes

vulnerability	VCID-s5e2-d6n8-kkbr

vulnerability	VCID-upcj-z3c1-ubcf

vulnerability	VCID-w3zd-fezc-nuhd

vulnerability	VCID-wjfe-wh5k-1qft

vulnerability	VCID-ws6y-k3tx-r3gb

vulnerability	VCID-x46d-a16g-nkg9

vulnerability	VCID-y4r1-yr69-uuf6

vulnerability	VCID-yuvf-e7hk-kqf9

vulnerability	VCID-zt9b-9sjx-7qb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p1

url pkg:composer/magento/community-edition@2.4.5

purl pkg:composer/magento/community-edition@2.4.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2h52-3pt6-dfcw

vulnerability	VCID-3et4-3zad-1qfn

vulnerability	VCID-525q-afzj-tkcp

vulnerability	VCID-7ewa-w75h-qfdy

vulnerability	VCID-7s7e-adr6-h3dc

vulnerability	VCID-az2w-5xhy-5fe4

vulnerability	VCID-b4jg-dj1a-9qd5

vulnerability	VCID-cgwk-hn4t-n7c1

vulnerability	VCID-d2ab-j8bf-e7dx

vulnerability	VCID-dx43-89w9-a7dg

vulnerability	VCID-fzam-yuyg-qyd5

vulnerability	VCID-hh8a-mgkk-3yb5

vulnerability	VCID-j124-q39m-mkby

vulnerability	VCID-j5vp-2jrx-ukf4

vulnerability	VCID-jhd5-tqph-3ufu

vulnerability	VCID-kxnm-y19k-mqg2

vulnerability	VCID-m83v-51cy-uqar

vulnerability	VCID-msac-ptqf-pyg1

vulnerability	VCID-mtr5-suag-2bdj

vulnerability	VCID-p222-28c1-vfhy

vulnerability	VCID-qfw5-3tdu-x7g4

vulnerability	VCID-r7nh-arcj-8fb3

vulnerability	VCID-rbjk-3gcs-2qb5

vulnerability	VCID-rf6p-ct86-5bgz

vulnerability	VCID-ruru-fwmn-5kes

vulnerability	VCID-s5e2-d6n8-kkbr

vulnerability	VCID-upcj-z3c1-ubcf

vulnerability	VCID-w3zd-fezc-nuhd

vulnerability	VCID-wjfe-wh5k-1qft

vulnerability	VCID-ws6y-k3tx-r3gb

vulnerability	VCID-x46d-a16g-nkg9

vulnerability	VCID-y4r1-yr69-uuf6

vulnerability	VCID-yuvf-e7hk-kqf9

vulnerability	VCID-zt9b-9sjx-7qb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5

url pkg:composer/magento/community-edition@2.4.6-p1

purl pkg:composer/magento/community-edition@2.4.6-p1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b4jg-dj1a-9qd5

vulnerability	VCID-cgwk-hn4t-n7c1

vulnerability	VCID-j124-q39m-mkby

vulnerability	VCID-j5vp-2jrx-ukf4

vulnerability	VCID-jhd5-tqph-3ufu

vulnerability	VCID-kxnm-y19k-mqg2

vulnerability	VCID-m83v-51cy-uqar

vulnerability	VCID-msac-ptqf-pyg1

vulnerability	VCID-p222-28c1-vfhy

vulnerability	VCID-qfw5-3tdu-x7g4

vulnerability	VCID-r7nh-arcj-8fb3

vulnerability	VCID-rbjk-3gcs-2qb5

vulnerability	VCID-rf6p-ct86-5bgz

vulnerability	VCID-ruru-fwmn-5kes

vulnerability	VCID-s5e2-d6n8-kkbr

vulnerability	VCID-w3zd-fezc-nuhd

vulnerability	VCID-y4r1-yr69-uuf6

vulnerability	VCID-zt9b-9sjx-7qb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p1

url pkg:composer/magento/community-edition@2.4.6

purl pkg:composer/magento/community-edition@2.4.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2h52-3pt6-dfcw

vulnerability	VCID-3et4-3zad-1qfn

vulnerability	VCID-525q-afzj-tkcp

vulnerability	VCID-7s7e-adr6-h3dc

vulnerability	VCID-az2w-5xhy-5fe4

vulnerability	VCID-b4jg-dj1a-9qd5

vulnerability	VCID-cafy-5dd8-rudj

vulnerability	VCID-cgwk-hn4t-n7c1

vulnerability	VCID-dj5a-35gt-u7dn

vulnerability	VCID-dx43-89w9-a7dg

vulnerability	VCID-fzam-yuyg-qyd5

vulnerability	VCID-j124-q39m-mkby

vulnerability	VCID-j5vp-2jrx-ukf4

vulnerability	VCID-jhd5-tqph-3ufu

vulnerability	VCID-kxnm-y19k-mqg2

vulnerability	VCID-m83v-51cy-uqar

vulnerability	VCID-msac-ptqf-pyg1

vulnerability	VCID-mtr5-suag-2bdj

vulnerability	VCID-p222-28c1-vfhy

vulnerability	VCID-qfw5-3tdu-x7g4

vulnerability	VCID-qrwc-3gsb-zkfy

vulnerability	VCID-r7nh-arcj-8fb3

vulnerability	VCID-rbjk-3gcs-2qb5

vulnerability	VCID-rf6p-ct86-5bgz

vulnerability	VCID-ruru-fwmn-5kes

vulnerability	VCID-s5e2-d6n8-kkbr

vulnerability	VCID-th7y-aj51-mbaj

vulnerability	VCID-w3zd-fezc-nuhd

vulnerability	VCID-wjfe-wh5k-1qft

vulnerability	VCID-ws6y-k3tx-r3gb

vulnerability	VCID-x46d-a16g-nkg9

vulnerability	VCID-y4r1-yr69-uuf6

vulnerability	VCID-yuvf-e7hk-kqf9

vulnerability	VCID-yyq6-dvyx-3bb9

vulnerability	VCID-zt9b-9sjx-7qb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6

url pkg:composer/magento/community-edition@2.4.7-beta1

purl pkg:composer/magento/community-edition@2.4.7-beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b4jg-dj1a-9qd5

vulnerability	VCID-cafy-5dd8-rudj

vulnerability	VCID-dj5a-35gt-u7dn

vulnerability	VCID-kxnm-y19k-mqg2

vulnerability	VCID-m83v-51cy-uqar

vulnerability	VCID-qfw5-3tdu-x7g4

vulnerability	VCID-qrwc-3gsb-zkfy

vulnerability	VCID-r7nh-arcj-8fb3

vulnerability	VCID-rbjk-3gcs-2qb5

vulnerability	VCID-rf6p-ct86-5bgz

vulnerability	VCID-ruru-fwmn-5kes

vulnerability	VCID-s5e2-d6n8-kkbr

vulnerability	VCID-th7y-aj51-mbaj

vulnerability	VCID-y4r1-yr69-uuf6

vulnerability	VCID-yyq6-dvyx-3bb9

vulnerability	VCID-zt9b-9sjx-7qb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1

url pkg:composer/magento/project-community-edition@2.0.2

purl pkg:composer/magento/project-community-edition@2.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2h52-3pt6-dfcw

vulnerability	VCID-36ve-7wxt-z7fz

vulnerability	VCID-3et4-3zad-1qfn

vulnerability	VCID-525q-afzj-tkcp

vulnerability	VCID-7s7e-adr6-h3dc

vulnerability	VCID-az2w-5xhy-5fe4

vulnerability	VCID-b4jg-dj1a-9qd5

vulnerability	VCID-b5hn-f1qk-z7cu

vulnerability	VCID-cafy-5dd8-rudj

vulnerability	VCID-cgwk-hn4t-n7c1

vulnerability	VCID-d2ab-j8bf-e7dx

vulnerability	VCID-dj5a-35gt-u7dn

vulnerability	VCID-dx43-89w9-a7dg

vulnerability	VCID-fzam-yuyg-qyd5

vulnerability	VCID-hh8a-mgkk-3yb5

vulnerability	VCID-j124-q39m-mkby

vulnerability	VCID-j5vp-2jrx-ukf4

vulnerability	VCID-jhd5-tqph-3ufu

vulnerability	VCID-kxnm-y19k-mqg2

vulnerability	VCID-m83v-51cy-uqar

vulnerability	VCID-msac-ptqf-pyg1

vulnerability	VCID-mtr5-suag-2bdj

vulnerability	VCID-nn21-hf8r-ykfd

vulnerability	VCID-p222-28c1-vfhy

vulnerability	VCID-qfw5-3tdu-x7g4

vulnerability	VCID-qrwc-3gsb-zkfy

vulnerability	VCID-r7nh-arcj-8fb3

vulnerability	VCID-rbjk-3gcs-2qb5

vulnerability	VCID-rf6p-ct86-5bgz

vulnerability	VCID-ruru-fwmn-5kes

vulnerability	VCID-s5e2-d6n8-kkbr

vulnerability	VCID-th7y-aj51-mbaj

vulnerability	VCID-upcj-z3c1-ubcf

vulnerability	VCID-w3zd-fezc-nuhd

vulnerability	VCID-wjfe-wh5k-1qft

vulnerability	VCID-ws6y-k3tx-r3gb

vulnerability	VCID-x46d-a16g-nkg9

vulnerability	VCID-y4r1-yr69-uuf6

vulnerability	VCID-y93w-2qcc-wqg8

vulnerability	VCID-yuvf-e7hk-kqf9

vulnerability	VCID-yyq6-dvyx-3bb9

vulnerability	VCID-zt9b-9sjx-7qb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/project-community-edition@2.0.2

References

reference_url	https://github.com/magento/magento2
reference_id
reference_type
scores
url	https://github.com/magento/magento2

reference_url	https://helpx.adobe.com/security/products/magento/apsb23-50.html
reference_id
reference_type
scores
url	https://helpx.adobe.com/security/products/magento/apsb23-50.html

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-38218
reference_id	CVE-2023-38218
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-38218

reference_url	https://github.com/advisories/GHSA-rpc7-gf58-v3x2
reference_id	GHSA-rpc7-gf58-v3x2
reference_type
scores
url	https://github.com/advisories/GHSA-rpc7-gf58-v3x2

Weaknesses

cwe_id	20
name	Improper Input Validation
description	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

cwe_id	639
name	Authorization Bypass Through User-Controlled Key
description	The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

cwe_id	863
name	Incorrect Authorization
description	The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m83v-51cy-uqar

Vulnerability Instance