Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0zZnIzLWdjcWgtM20yZ84ABAKn
Magento Open Source Improper Input Validation vulnerability
Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to an arbitrary file system read. An attacker with admin privileges could exploit this vulnerability to read files outside of the intended directories via a PHP filter chain, and could also cause a low impact on the availability of the service. Exploitation of this issue does not require user interaction, and the scope is changed.
Permalink: https://github.com/advisories/GHSA-3fr3-gcqh-3m2g
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zZnIzLWdjcWgtM20yZ84ABAKn
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 1 month ago
Updated: about 1 month ago
CVSS Score: 7.6
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
Identifiers: GHSA-3fr3-gcqh-3m2g, CVE-2024-45117
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-45117
- https://helpx.adobe.com/security/products/magento/apsb24-73.html
- https://github.com/advisories/GHSA-3fr3-gcqh-3m2g
Affected Packages
packagist:magento/community-edition
Dependent packages: 13
Dependent repositories: 12
Downloads: 48,379 total
Affected Version Ranges (with the fixed version for each range, where one exists):
- = 2.4.4 (no fixed version)
- = 2.4.5 (no fixed version)
- = 2.4.6 (no fixed version)
- = 2.4.7 (no fixed version)
- < 2.4.4-p11 (fixed in 2.4.4-p11)
- >= 2.4.5-p1, < 2.4.5-p10 (fixed in 2.4.5-p10)
- >= 2.4.6-p1, < 2.4.6-p8 (fixed in 2.4.6-p8)
- >= 2.4.7-beta1, < 2.4.7-p3 (fixed in 2.4.7-p3)
Fixed in: 2.4.4-p11, 2.4.5-p10, 2.4.6-p8, 2.4.7-p3
All affected versions: 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16, 2.0.17, 2.0.18, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.1.9, 2.1.10, 2.1.11, 2.1.12, 2.1.13, 2.1.14, 2.1.15, 2.1.16, 2.1.17, 2.1.18, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8, 2.2.9, 2.2.10, 2.2.11, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.4-p1, 2.4.4-p10, 2.4.5, 2.4.5-p1, 2.4.6, 2.4.6-p1, 2.4.6-p2, 2.4.6-p3, 2.4.6-p4, 2.4.6-p5, 2.4.6-p6, 2.4.6-p7, 2.4.7, 2.4.7-beta1, 2.4.7-beta2, 2.4.7-beta3, 2.4.7-p1, 2.4.7-p2
All unaffected versions: