Security
Headlines

Headlines Latest CVEs

Headline

GHSA-5f64-ppmg-cvvm: Magento Open Source Improper Authorization vulnerability

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect confidentiality. Exploitation of this issue does not require user interaction.

28 days ago

#vulnerability #git #auth

GitHub Advisory Database
GitHub Reviewed
CVE-2024-45132

Magento Open Source Improper Authorization vulnerability

High severity GitHub Reviewed Published Oct 10, 2024 to the GitHub Advisory Database • Updated Oct 11, 2024

Package

composer magento/community-edition (Composer)

Affected versions

>= 2.4.7-beta1, < 2.4.7-p3

>= 2.4.6-p1, < 2.4.6-p8

>= 2.4.5-p1, < 2.4.5-p10

< 2.4.4-p11

= 2.4.7

= 2.4.6

= 2.4.5

= 2.4.4

Patched versions

2.4.7-p3

2.4.6-p8

2.4.5-p10

2.4.4-p11

Published to the GitHub Advisory Database

Oct 10, 2024

Last updated

Oct 11, 2024

ghsa: Latest News

GHSA-6jrf-rcjf-245r: changedetection.io path traversal using file URI scheme without supplying hostname

1 hour ago

GHSA-7mr7-4f54-vcx5: HTTP Client uses incorrect token after refresh

1 hour ago

GHSA-hfq9-hggm-c56q: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream

1 hour ago

GHSA-3m9x-2qfj-xvq4: PHPExcel XXE Vulnerability

6 hours ago

GHSA-q78v-cv36-8fxj: Devtron has SQL Injection in CreateUser API

6 hours ago