Security
Headlines

Headlines Latest CVEs

Headline

GHSA-xc5p-773w-m3pm: Magento Open Source Improper Authorization vulnerability

Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality and integrity. Exploitation of this issue does not require user interaction.

1 month ago

#vulnerability #git #auth

GitHub Advisory Database
GitHub Reviewed
CVE-2024-45131

Magento Open Source Improper Authorization vulnerability

Moderate severity GitHub Reviewed Published Oct 10, 2024 to the GitHub Advisory Database • Updated Oct 11, 2024

Package

composer magento/community-edition (Composer)

Affected versions

>= 2.4.7-beta1, < 2.4.7-p3

>= 2.4.6-p1, < 2.4.6-p8

>= 2.4.5-p1, < 2.4.5-p10

< 2.4.4-p11

= 2.4.7

= 2.4.6

= 2.4.5

= 2.4.4

Patched versions

2.4.7-p3

2.4.6-p8

2.4.5-p10

2.4.4-p11

Published to the GitHub Advisory Database

Oct 10, 2024

Last updated

Oct 11, 2024

ghsa: Latest News

GHSA-27wf-5967-98gx: Kubernetes kubelet arbitrary command execution

1 day ago

GHSA-mr95-vfcf-fx9p: Apache Answer: Predictable Authorization Token Using UUIDv1

1 day ago

GHSA-pqhp-25j4-6hq9: smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables

1 day ago

GHSA-v5h2-q2w4-gpcx: Sentry improper error handling leaks Application Integration Client Secret

1 day ago

GHSA-8w49-h785-mj3c: Tornado has an HTTP cookie parsing DoS vulnerability

1 day ago