magento/community-edition Security Advisories for 2.4.4-p2 (13)
-
[MEDIUM] Magento Open Source Server-Side Request Forgery (SSRF) vulnerability
PKSA-zmwm-kwzt-pms6 CVE-2024-34111 GHSA-jmqp-r3gg-6jh3
Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7
Reported by:
GitHub -
[CRITICAL] Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability
PKSA-71k8-bhfg-zj3d CVE-2024-34102 GHSA-m8cj-3v68-3cxj
Affected version: =2.4.7|=2.4.6|=2.4.5|<2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4
Reported by:
GitHub -
[HIGH] Magento Open Source Improper Authentication vulnerability
PKSA-29px-skjv-7bmn CVE-2024-34103 GHSA-f7q4-9gwv-6774
Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7
Reported by:
GitHub -
[HIGH] Magento Open Source Improper Authorization vulnerability
PKSA-pbd2-8ctn-8ptb CVE-2024-34104 GHSA-wwj3-573j-rvvm
Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7
Reported by:
GitHub -
[MEDIUM] Magento Open Source Cross-Site Scripting (XSS) vulnerability
PKSA-gc3j-nr7v-3th6 CVE-2024-34105 GHSA-5632-wq7m-gfq9
Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7
Reported by:
GitHub -
[MEDIUM] Magento Open Source Incorrect Authorization vulnerability
PKSA-jfkj-qxdn-854f CVE-2024-34106 GHSA-p6h9-gx5g-wg64
Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Access Control vulnerability
PKSA-mw1m-j257-zksc CVE-2024-34107 GHSA-r7cm-g469-wm4g
Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7
Reported by:
GitHub -
[HIGH] Magento Improper Access Control vulnerability
PKSA-858j-1s59-ycmj CVE-2022-34255 GHSA-x95x-f4g9-mm85
Affected version: >=2.4.0,<2.4.3-p3|>=2.4.4,<2.4.5|>=2.3.0,<2.3.7-p4
Reported by:
GitHub -
[HIGH] Magento Improper Authorization vulnerability
PKSA-4kq2-8xg5-xc5f CVE-2022-34256 GHSA-r7mm-grf3-5fjv
Affected version: >=2.4.0,<2.4.3-p3|>=2.4.4,<2.4.5|>=2.3.0,<2.3.7-p4
Reported by:
GitHub -
[MEDIUM] Magento stored Cross-Site Scripting (XSS) vulnerability
PKSA-8rxk-pq5k-p21j CVE-2022-34257 GHSA-rg7p-wmgj-f374
Affected version: >=2.4.0,<2.4.3-p3|>=2.4.4,<2.4.5|>=2.3.0,<2.3.7-p4
Reported by:
GitHub -
[MEDIUM] Magento stored Cross-Site Scripting (XSS) vulnerability
PKSA-48rk-jcyb-xpsd CVE-2022-34258 GHSA-5m55-g8pv-x8ww
Affected version: >=2.4.0,<2.4.3-p3|>=2.4.4,<2.4.5|>=2.3.0,<2.3.7-p4
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control vulnerability
PKSA-1w77-ttnz-wb1k CVE-2022-34259 GHSA-9wjf-94h3-r4rh
Affected version: >=2.4.0,<2.4.3-p3|>=2.4.4,<2.4.5|>=2.3.0,<2.3.7-p4
Reported by:
GitHub -
[CRITICAL] Magento XML Injection vulnerability in the Widgets Module
PKSA-ky72-2cr3-p8cw CVE-2022-34253 GHSA-cj7w-pm77-hvg6
Affected version: >=2.4.0,<2.4.3-p3|>=2.4.4,<2.4.5|<2.3.7-p4
Reported by:
GitHub