Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1mOGZ2LWY3ODYtOTkzM80skg
Magento improper input validation vulnerability
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.
Permalink: https://github.com/advisories/GHSA-f8fv-f786-9933
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mOGZ2LWY3ODYtOTkzM80skg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 2 years ago
Updated: 8 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-f8fv-f786-9933, CVE-2022-24086
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-24086
- https://helpx.adobe.com/security/products/magento/apsb22-12.html
- https://github.com/advisories/GHSA-f8fv-f786-9933
Affected Packages
packagist:magento/community-edition
Dependent packages: 13
Dependent repositories: 12
Downloads: 48,110 total
Affected Version Ranges: >= 2.4.0, < 2.4.3-p2, >= 2.3.3-p1, < 2.3.7-p3
Fixed in: 2.4.3-p2, 2.3.7-p3
All affected versions: 2.3.3, 2.3.3-p1, 2.3.4, 2.3.5, 2.3.6, 2.3.7-p1, 2.3.7-p2, 2.4.0, 2.4.1, 2.4.2, 2.4.3-p1
All unaffected versions: 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16, 2.0.17, 2.0.18, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.1.9, 2.1.10, 2.1.11, 2.1.12, 2.1.13, 2.1.14, 2.1.15, 2.1.16, 2.1.17, 2.1.18, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8, 2.2.9, 2.2.10, 2.2.11, 2.3.0, 2.3.1, 2.3.2, 2.3.7, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7