Magento Open Source Security Vulnerabilities and Issues — Magento Open Source CVE List

Lucene search

AdobeMagento Open Source

4 matches found

CVE•added 2023/03/27 9:15 p.m.•254 views

CVE-2023-22247

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An unauthenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of t...

7.5CVSS7.7AI score0.00736EPSS

CVE•added 2021/09/01 3:15 p.m.•65 views

CVE-2021-36031

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a Path Traversal vulnerability via the theme[preview_image] parameter. An attacker with admin privileges could leverage this vulnerability to achieve remote code execution.

7.2CVSS7.3AI score0.1031EPSS

CVE•added 2021/09/01 3:15 p.m.•58 views

CVE-2021-36044

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An unauthenticated attacker could abuse this vulnerability to cause a server-side denial-of-service using a GraphQL field.

7.5CVSS7.4AI score0.02345EPSS

CVE•added 2021/09/01 3:15 p.m.•43 views

CVE-2021-36030

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability during the checkout process. An unauthenticated attacker can leverage this vulnerability to alter the price of items.

7.5CVSS7.5AI score0.01428EPSS