[MEDIUM] Magento Open Source Server-Side Request Forgery (SSRF) vulnerability

PKSA-zmwm-kwzt-pms6 CVE-2024-34111 GHSA-jmqp-r3gg-6jh3

Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7

Reported by:
GitHub

[CRITICAL] Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability

PKSA-71k8-bhfg-zj3d CVE-2024-34102 GHSA-m8cj-3v68-3cxj

Affected version: =2.4.7|=2.4.6|=2.4.5|<2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4

Reported by:
GitHub

[HIGH] Magento Open Source Improper Authentication vulnerability

PKSA-29px-skjv-7bmn CVE-2024-34103 GHSA-f7q4-9gwv-6774

Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7

Reported by:
GitHub

[HIGH] Magento Open Source Improper Authorization vulnerability

PKSA-pbd2-8ctn-8ptb CVE-2024-34104 GHSA-wwj3-573j-rvvm

Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7

Reported by:
GitHub

[MEDIUM] Magento Open Source Cross-Site Scripting (XSS) vulnerability

PKSA-gc3j-nr7v-3th6 CVE-2024-34105 GHSA-5632-wq7m-gfq9

Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7

Reported by:
GitHub

[MEDIUM] Magento Open Source Incorrect Authorization vulnerability

PKSA-jfkj-qxdn-854f CVE-2024-34106 GHSA-p6h9-gx5g-wg64

Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7

Reported by:
GitHub

[MEDIUM] Magento Open Source Improper Access Control vulnerability

PKSA-mw1m-j257-zksc CVE-2024-34107 GHSA-r7cm-g469-wm4g

Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7

Reported by:
GitHub