GHSA-m8cj-3v68-3cxj: Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
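A defender-side check for the vulnerability class described above, added here as an example; it is not Magento or Adobe code. It implements an XML intake gate that refuses any document carrying a DOCTYPE or entity declaration at the point the parser first sees it, so no entity (external or otherwise) is ever resolved. It uses only Python's standard-library expat binding; the sample documents, the `order`/`sku` element names and the `example.invalid` URL are constructed for the demonstration.

```python
"""XML intake gate: reject any document that declares a DTD or an entity.

Added example (not Magento/Adobe code). External entity references only
become reachable if the parser accepts a DOCTYPE/ENTITY declaration at all,
so the gate aborts parsing as soon as expat reports one.
"""
import xml.etree.ElementTree as ET
from xml.parsers import expat


class DtdRejected(ValueError):
    """Raised when the input declares a DOCTYPE or any entity."""


def _refuse_doctype(doctype_name, system_id, public_id, has_internal_subset):
    # expat calls this at "<!DOCTYPE name" before reading any subset, so
    # raising here stops the parse before an entity could be declared or used.
    raise DtdRejected(
        f"DOCTYPE {doctype_name!r} not permitted (system id {system_id!r})"
    )


def _refuse_entity(entity_name, is_parameter_entity, value, base,
                   system_id, public_id, notation_name):
    # Belt-and-braces: any entity declaration is refused, internal or external.
    raise DtdRejected(f"entity declaration {entity_name!r} not permitted")


def check_no_dtd(xml_bytes: bytes) -> None:
    """Run expat over the input with handlers that abort on any DTD construct.

    Python's expat binding does not fetch external entities or DTDs unless an
    ExternalEntityRefHandler is installed (none is here); the gate goes further
    and refuses the DOCTYPE itself. Raises DtdRejected or expat.ExpatError.
    """
    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = _refuse_doctype
    parser.EntityDeclHandler = _refuse_entity
    parser.Parse(xml_bytes, True)  # exceptions from handlers propagate


def parse_untrusted(xml_bytes: bytes) -> ET.Element:
    """Gate first, then parse with ElementTree for the application to use."""
    check_no_dtd(xml_bytes)
    return ET.fromstring(xml_bytes)


def classify(xml_bytes: bytes) -> str:
    """Return 'ok', 'dtd-rejected' or 'malformed'; useful for logging and tests."""
    try:
        parse_untrusted(xml_bytes)
        return "ok"
    except DtdRejected:
        return "dtd-rejected"
    except (expat.ExpatError, ET.ParseError):
        return "malformed"


# Constructed sample inputs for the demonstration.
SAMPLES = {
    "plain order": b"<order><sku>ABC-1</sku></order>",
    "external entity": (
        b'<?xml version="1.0"?>'
        b'<!DOCTYPE order [<!ENTITY ext SYSTEM "http://example.invalid/x">]>'
        b"<order>&ext;</order>"
    ),
    "bare doctype": b"<!DOCTYPE order><order/>",
    "truncated": b"<order><sku>",
}

if __name__ == "__main__":
    for label, doc in SAMPLES.items():
        print(f"{label:18s} -> {classify(doc)}")
```

The same policy in Magento's own language (PHP) means loading untrusted XML without the `LIBXML_NOENT` or `LIBXML_DTDLOAD` flags and refusing a `DOMDocument` whose `doctype` property is set; the gate above simply makes that refusal explicit and parser-level so it cannot be bypassed by a later call that happens to enable entity substitution.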


CVE-2024-34102

Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability

Critical severity • GitHub Reviewed • Published Jun 13, 2024 to the GitHub Advisory Database • Updated Jun 13, 2024

Package: magento/community-edition (Composer)

Affected versions:
= 2.4.4
>= 2.4.6-p1, < 2.4.6-p6
>= 2.4.5-p1, < 2.4.5-p8
< 2.4.4-p9
= 2.4.5
= 2.4.6
= 2.4.7

Patched versions: 2.4.6-p6, 2.4.5-p8, 2.4.4-p9


Related news

Cisco Warns of Critical Flaw Affecting On-Prem Smart Software Manager

Cisco has released patches to address a maximum-severity security flaw impacting Smart Software Manager On-Prem (Cisco SSM On-Prem) that could enable a remote, unauthenticated attacker to change the password of any users, including those belonging to administrative users. The vulnerability, tracked as CVE-2024-20419, carries a CVSS score of 10.0. "This vulnerability is due to improper

Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack

Google has taken steps to block ads for e-commerce sites that use the Polyfill.io service after a Chinese company acquired the domain and modified the JavaScript library ("polyfill.js") to redirect users to malicious and scam sites. More than 110,000 sites that embed the library are impacted by the supply chain attack, Sansec said in a Tuesday report. Polyfill is a popular library that
