Security Advisories - magento/community-edition

magento/community-edition Security Advisories for 2.4.6 (32)

[MEDIUM] Magento Open Source Improper Authorization vulnerability

PKSA-yx36-4pvc-fy33 CVE-2024-45131 GHSA-xc5p-773w-m3pm

Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3

Reported by:
GitHub
[HIGH] Magento Open Source Improper Authorization vulnerability

PKSA-g59s-h86c-d272 CVE-2024-45132 GHSA-5f64-ppmg-cvvm

Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3

Reported by:
GitHub
[MEDIUM] Magento Open Source Information Exposure vulnerability

PKSA-k213-y2gv-f361 CVE-2024-45133 GHSA-j3mh-wx5f-2vhg

Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3

Reported by:
GitHub
[MEDIUM] Magento Open Source Information Exposure vulnerability

PKSA-fg7g-5j9c-3snf CVE-2024-45134 GHSA-4f89-5cwm-rm5g

Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3

Reported by:
GitHub
[MEDIUM] Magento Open Source Improper Access Control vulnerability

PKSA-t8cd-w48x-nzyk CVE-2024-45135 GHSA-8pxg-gcp4-57ww

Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3

Reported by:
GitHub
[LOW] Magento Open Source Improper Access Control vulnerability

PKSA-zp2y-jcbv-86tw CVE-2024-45149 GHSA-w7rg-7wq2-pjrw

Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3

Reported by:
GitHub
[MEDIUM] Magento Open Source Cross-Site Scripting (XSS) vulnerability

PKSA-w47m-6mjs-p6p5 CVE-2024-45116 GHSA-873m-72g6-853g

Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3

Reported by:
GitHub
[MEDIUM] Magento Open Source Improper Input Validation vulnerability

PKSA-11qw-117j-ntf6 CVE-2024-45117 GHSA-3fr3-gcqh-3m2g

Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3

Reported by:
GitHub
[HIGH] Magento Open Source Improper Access Control vulnerability

PKSA-nmsp-4zh6-c2yy CVE-2024-45118 GHSA-cg52-68fv-94qq

Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3

Reported by:
GitHub
[MEDIUM] Magento Open Source Server-Side Request Forgery (SSRF) vulnerability

PKSA-7ymh-b7jr-kcyn CVE-2024-45119 GHSA-g9fm-wc6h-pvgj

Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3

Reported by:
GitHub
[MEDIUM] Magento Open Source Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability

PKSA-5bd5-9qvn-r6z1 CVE-2024-45120 GHSA-47jp-46c9-25vf

Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3

Reported by:
GitHub
[MEDIUM] Magento Open Source Improper Access Control vulnerability

PKSA-5d5h-vdxk-9rb4 CVE-2024-45121 GHSA-2qhq-fw98-h6wg

Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3

Reported by:
GitHub
[MEDIUM] Magento Open Source Improper Access Control vulnerability

PKSA-trg9-zwtk-rt2y CVE-2024-45122 GHSA-46fm-x82m-5f74

Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3

Reported by:
GitHub
[MEDIUM] Magento Open Source reflected Cross-Site Scripting (XSS) vulnerability

PKSA-q3cy-4db7-mxq5 CVE-2024-45123 GHSA-88x2-cq34-5fwc

Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3

Reported by:
GitHub
[MEDIUM] Magento Open Source Improper Access Control vulnerability

PKSA-g52f-ss82-znpd CVE-2024-45124 GHSA-w3p2-pc3h-69wv

Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3

Reported by:
GitHub
[MEDIUM] Magento Open Source Incorrect Authorization vulnerability

PKSA-vc9p-z4vk-zhsm CVE-2024-45125 GHSA-xg36-8c2v-jpxh

Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3

Reported by:
GitHub
[MEDIUM] Magento Open Source stored Cross-Site Scripting (XSS) vulnerability

PKSA-rc6f-2sj1-779v CVE-2024-45127 GHSA-c89g-gq5r-2xw2

Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3

Reported by:
GitHub
[MEDIUM] Magento Open Source Improper Authorization vulnerability

PKSA-jqmh-mscm-q45w CVE-2024-45128 GHSA-qpp7-742q-58j3

Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3

Reported by:
GitHub
[MEDIUM] Magento Open Source Improper Access Control vulnerability

PKSA-8ttm-6rvp-fshh CVE-2024-45129 GHSA-m58h-998x-66f3

Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3

Reported by:
GitHub
[MEDIUM] Magento Open Source Improper Access Control vulnerability

PKSA-35sf-fj41-ym76 CVE-2024-45130 GHSA-v3v6-jfvw-m576

Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3

Reported by:
GitHub
[MEDIUM] Magento Open Source Path Traversal vulnerability

PKSA-dw79-2frq-sm6h CVE-2024-39406 GHSA-6pxh-2557-5cj5

Affected version: =2.4.4|<2.4.4-p10|=2.4.5|>=2.4.5-p1,<2.4.5-p9|=2.4.6|>=2.4.6-p1,<2.4.6-p7|=2.4.7|>=2.4.7-p1,<2.4.7-p2

Reported by:
GitHub
[MEDIUM] Magento Open Source Cross-Site Request Forgery vulnerability

PKSA-dzsz-sjtm-vq7t CVE-2024-39408 GHSA-4cj6-f32v-6hgx

Affected version: =2.4.4|<2.4.4-p10|=2.4.5|>=2.4.5-p1,<2.4.5-p9|=2.4.6|>=2.4.6-p1,<2.4.6-p7|=2.4.7|>=2.4.7-p1,<2.4.7-p2

Reported by:
GitHub
[MEDIUM] Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability

PKSA-8qcx-d884-ntny CVE-2024-39409 GHSA-rf4q-m23c-7q8r

Affected version: =2.4.4|<2.4.4-p10|=2.4.5|>=2.4.5-p1,<2.4.5-p9|=2.4.6|>=2.4.6-p1,<2.4.6-p7|=2.4.7|>=2.4.7-p1,<2.4.7-p2

Reported by:
GitHub
[MEDIUM] Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability

PKSA-x9tz-w7x6-ncgm CVE-2024-39410 GHSA-4323-f82v-f6jr

Affected version: =2.4.4|<2.4.4-p10|=2.4.5|>=2.4.5-p1,<2.4.5-p9|=2.4.6|>=2.4.6-p1,<2.4.6-p7|=2.4.7|>=2.4.7-p1,<2.4.7-p2

Reported by:
GitHub
[MEDIUM] Magento Open Source Improper Authorization vulnerability

PKSA-sh88-myrv-9t1n CVE-2024-39412 GHSA-7472-vw39-g2j3

Affected version: =2.4.4|<2.4.4-p10|=2.4.5|>=2.4.5-p1,<2.4.5-p9|=2.4.6|>=2.4.6-p1,<2.4.6-p7|=2.4.7|>=2.4.7-p1,<2.4.7-p2

Reported by:
GitHub
[MEDIUM] Magento Open Source Server-Side Request Forgery (SSRF) vulnerability

PKSA-zmwm-kwzt-pms6 CVE-2024-34111 GHSA-jmqp-r3gg-6jh3

Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7

Reported by:
GitHub
[CRITICAL] Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability

PKSA-71k8-bhfg-zj3d CVE-2024-34102 GHSA-m8cj-3v68-3cxj

Affected version: =2.4.7|=2.4.6|=2.4.5|<2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4

Reported by:
GitHub
[HIGH] Magento Open Source Improper Authentication vulnerability

PKSA-29px-skjv-7bmn CVE-2024-34103 GHSA-f7q4-9gwv-6774

Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7

Reported by:
GitHub
[HIGH] Magento Open Source Improper Authorization vulnerability

PKSA-pbd2-8ctn-8ptb CVE-2024-34104 GHSA-wwj3-573j-rvvm

Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7

Reported by:
GitHub
[MEDIUM] Magento Open Source Cross-Site Scripting (XSS) vulnerability

PKSA-gc3j-nr7v-3th6 CVE-2024-34105 GHSA-5632-wq7m-gfq9

Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7

Reported by:
GitHub
[MEDIUM] Magento Open Source Incorrect Authorization vulnerability

PKSA-jfkj-qxdn-854f CVE-2024-34106 GHSA-p6h9-gx5g-wg64

Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7

Reported by:
GitHub
[MEDIUM] Magento Open Source Improper Access Control vulnerability

PKSA-mw1m-j257-zksc CVE-2024-34107 GHSA-r7cm-g469-wm4g

Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7

Reported by:
GitHub

magento/community-edition Security Advisories for 2.4.6 (32)

[MEDIUM] Magento Open Source Improper Authorization vulnerability

[HIGH] Magento Open Source Improper Authorization vulnerability

[MEDIUM] Magento Open Source Information Exposure vulnerability

[MEDIUM] Magento Open Source Information Exposure vulnerability

[MEDIUM] Magento Open Source Improper Access Control vulnerability

[LOW] Magento Open Source Improper Access Control vulnerability

[MEDIUM] Magento Open Source Cross-Site Scripting (XSS) vulnerability

[MEDIUM] Magento Open Source Improper Input Validation vulnerability

[HIGH] Magento Open Source Improper Access Control vulnerability

[MEDIUM] Magento Open Source Server-Side Request Forgery (SSRF) vulnerability

[MEDIUM] Magento Open Source Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability

[MEDIUM] Magento Open Source Improper Access Control vulnerability

[MEDIUM] Magento Open Source Improper Access Control vulnerability

[MEDIUM] Magento Open Source reflected Cross-Site Scripting (XSS) vulnerability

[MEDIUM] Magento Open Source Improper Access Control vulnerability

[MEDIUM] Magento Open Source Incorrect Authorization vulnerability

[MEDIUM] Magento Open Source stored Cross-Site Scripting (XSS) vulnerability

[MEDIUM] Magento Open Source Improper Authorization vulnerability

[MEDIUM] Magento Open Source Improper Access Control vulnerability

[MEDIUM] Magento Open Source Improper Access Control vulnerability

[MEDIUM] Magento Open Source Path Traversal vulnerability

[MEDIUM] Magento Open Source Cross-Site Request Forgery vulnerability

[MEDIUM] Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability

[MEDIUM] Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability

[MEDIUM] Magento Open Source Improper Authorization vulnerability

[MEDIUM] Magento Open Source Server-Side Request Forgery (SSRF) vulnerability

[CRITICAL] Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability

[HIGH] Magento Open Source Improper Authentication vulnerability

[HIGH] Magento Open Source Improper Authorization vulnerability

[MEDIUM] Magento Open Source Cross-Site Scripting (XSS) vulnerability

[MEDIUM] Magento Open Source Incorrect Authorization vulnerability

[MEDIUM] Magento Open Source Improper Access Control vulnerability