Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS03Z3B2LXhyanItZjVoNM4AAo-L

Moderate EPSS: 0.00779% (0.72508 Percentile) EPSS:
Permalink JSON

Magento Path Traversal vulnerability

Affected Packages Affected Versions Fixed Versions
packagist:magento/project-community-edition <= 2.0.2 No known fixed version
9 Dependent packages
11 Dependent repositories
4,251 Downloads total

Affected Version Ranges

All affected versions

2.0.0, 2.0.1, 2.0.2
packagist:magento/community-edition < 2.3.7, >= 2.4.0, < 2.4.2-p1 2.3.7, 2.4.2-p1
13 Dependent packages
12 Dependent repositories
49,793 Downloads total

Affected Version Ranges

All affected versions

2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16, 2.0.17, 2.0.18, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.1.9, 2.1.10, 2.1.11, 2.1.12, 2.1.13, 2.1.14, 2.1.15, 2.1.16, 2.1.17, 2.1.18, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8, 2.2.9, 2.2.10, 2.2.11, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.4.0, 2.4.1

All unaffected versions

2.3.7, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8

Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Path Traversal vulnerability when creating a store with child theme.Successful exploitation could lead to arbitrary file system write by an authenticated attacker. Access to the admin console is required for successful exploitation.

References:

Identifiers

GHSA-7gpv-xrjr-f5h4

CVE-2021-28584

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00779

EPSS Percentile: 0.72508

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/magento/magento2

Date and time

Published

about 3 years ago

Updated

6 months ago

API

JSON