magento/community-edition Security Advisories for 2.3.7-p2 (12)
-
[HIGH] Magento Improper input validation vulnerability
PKSA-228k-hrjg-43zp CVE-2022-42344 GHSA-297f-r9w7-w492
Affected version: =2.4.4|>=2.4.0,<2.4.3-p3|<2.3.7-p4
Reported by:
GitHub -
[HIGH] Magento Path Traversal vulnerability
PKSA-rnsh-tzs8-qzqg CVE-2022-34254 GHSA-fx9g-g9q6-x3jx
Affected version: =2.4.4|>=2.4.0,<2.4.3-p3|>=2.3.0,<2.3.7-p4
Reported by:
GitHub -
[HIGH] Magento Improper Access Control vulnerability
PKSA-858j-1s59-ycmj CVE-2022-34255 GHSA-x95x-f4g9-mm85
Affected version: >=2.4.0,<2.4.3-p3|>=2.4.4,<2.4.5|>=2.3.0,<2.3.7-p4
Reported by:
GitHub -
[HIGH] Magento Improper Authorization vulnerability
PKSA-4kq2-8xg5-xc5f CVE-2022-34256 GHSA-r7mm-grf3-5fjv
Affected version: >=2.4.0,<2.4.3-p3|>=2.4.4,<2.4.5|>=2.3.0,<2.3.7-p4
Reported by:
GitHub -
[MEDIUM] Magento stored Cross-Site Scripting (XSS) vulnerability
PKSA-8rxk-pq5k-p21j CVE-2022-34257 GHSA-rg7p-wmgj-f374
Affected version: >=2.4.0,<2.4.3-p3|>=2.4.4,<2.4.5|>=2.3.0,<2.3.7-p4
Reported by:
GitHub -
[MEDIUM] Magento stored Cross-Site Scripting (XSS) vulnerability
PKSA-48rk-jcyb-xpsd CVE-2022-34258 GHSA-5m55-g8pv-x8ww
Affected version: >=2.4.0,<2.4.3-p3|>=2.4.4,<2.4.5|>=2.3.0,<2.3.7-p4
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control vulnerability
PKSA-1w77-ttnz-wb1k CVE-2022-34259 GHSA-9wjf-94h3-r4rh
Affected version: >=2.4.0,<2.4.3-p3|>=2.4.4,<2.4.5|>=2.3.0,<2.3.7-p4
Reported by:
GitHub -
[CRITICAL] Magento XML Injection vulnerability in the Widgets Module
PKSA-ky72-2cr3-p8cw CVE-2022-34253 GHSA-cj7w-pm77-hvg6
Affected version: >=2.4.0,<2.4.3-p3|>=2.4.4,<2.4.5|<2.3.7-p4
Reported by:
GitHub -
[CRITICAL] Magento 2 Community Edition RCE via Unsafe File Upload
PKSA-wd67-z9cy-8cfd CVE-2020-24407 GHSA-7pxg-6p87-8c9v
Affected version: <=2.4.0
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition Incorrect Authorization
PKSA-ds46-4wsj-k4fh CVE-2020-24401 GHSA-f2g3-3c6q-4478
Affected version: <=2.4.0
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition XSS Vulnerability
PKSA-rs6t-7sf8-mdt8 CVE-2020-24408 GHSA-jxjc-6xmh-h7mg
Affected version: <=2.4.0
Reported by:
GitHub -
[CRITICAL] Magento improper input validation vulnerability
PKSA-bck7-ptrd-xq9f CVE-2022-24086 GHSA-f8fv-f786-9933
Affected version: >=2.4.0,<2.4.3-p2|>=2.3.3-p1,<2.3.7-p3
Reported by:
GitHub