Headline
GHSA-j3mh-wx5f-2vhg: Magento Open Source Information Exposure vulnerability
Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction.
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2024-45133
Magento Open Source Information Exposure vulnerability
Moderate severity GitHub Reviewed Published Oct 10, 2024 to the GitHub Advisory Database • Updated Oct 11, 2024
Package
composer magento/community-edition (Composer)
Affected versions
>= 2.4.7-beta1, < 2.4.7-p3
>= 2.4.6-p1, < 2.4.6-p8
>= 2.4.5-p1, < 2.4.5-p10
< 2.4.4-p11
= 2.4.7
= 2.4.6
= 2.4.5
= 2.4.4
Patched versions
2.4.7-p3
2.4.6-p8
2.4.5-p10
2.4.4-p11
Published to the GitHub Advisory Database
Oct 10, 2024
Last updated
Oct 11, 2024