VYPR

Bitnami package

magento

pkg:bitnami/magento

Vulnerabilities (96)

  • CVE-2024-34104Jun 13, 2024
    affected >= 2.4.7-alpha0, < 2.4.7-p1fixed 2.4.7-p1

    Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access,

  • CVE-2024-34102KEVJun 13, 2024
    affected >= 2.4.7-alpha0, < 2.4.7-p1fixed 2.4.7-p1

    Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted

  • CVE-2024-34108Jun 13, 2024
    affected >= 2.4.7-alpha0, < 2.4.7-p1fixed 2.4.7-p1

    Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but a

  • CVE-2024-20758Apr 10, 2024
    affected >= 2.4.7-alpha0, < 2.4.7fixed 2.4.7

    Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution on the underlying filesystem. Exploitation of this issue does not require user interaction, but t

  • CVE-2024-20759Apr 10, 2024
    affected >= 2.4.7-alpha0, < 2.4.7fixed 2.4.7

    Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be

  • CVE-2021-36036HigSep 6, 2023
    affected < 2.3.7fixed 2.3.7

    Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper access control vulnerability within Magento's Media Gallery Upload workflow. By storing a specially crafted file in the website gallery, an authenticated attacker with

  • CVE-2021-36023CriSep 6, 2023
    affected < 2.3.7fixed 2.3.7

    Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution.

  • CVE-2021-36021HigSep 6, 2023
    affected < 2.3.7fixed 2.3.7

    Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper input validation vulnerability within the CMS page scheduled update feature. An authenticated attacker with administrative privilege could leverage this vulnerability

  • CVE-2022-42344HigOct 20, 2022
    affected < 2.3.7fixed 2.3.7

    Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Incorrect Authorization vulnerability. An authenticated attacker can exploit this vulnerability to achieve information exposure and privilege escalation.

  • CVE-2022-34259MedAug 16, 2022
    affected >= 2.3.0, < 2.3.7fixed 2.3.7

    Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a us

  • CVE-2022-34258MedAug 16, 2022
    affected >= 2.3.0, < 2.3.7fixed 2.3.7

    Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker with admin privileges to inject malicious scripts into vulnerable form fields. Mali

  • CVE-2022-34257MedAug 16, 2022
    affected >= 2.3.0, < 2.3.7fixed 2.3.7

    Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may b

  • CVE-2022-34256HigAug 16, 2022
    affected >= 2.3.0, < 2.3.7fixed 2.3.7

    Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to access other user's data. Exploitatio

  • CVE-2022-34255HigAug 16, 2022
    affected >= 2.3.0, < 2.3.7fixed 2.3.7

    Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in Privilege escalation. An attacker with a low privilege account could leverage this vulnerability to perform

  • CVE-2022-34254HigAug 16, 2022
    affected >= 2.3.0, < 2.3.7fixed 2.3.7

    Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could be abused by an attacker to inject malicious scripts into the

  • CVE-2022-34253HigAug 16, 2022
    affected >= 2.3.0, < 2.3.7fixed 2.3.7

    Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution. Exploita

  • CVE-2022-24086CriKEVFeb 16, 2022
    affected < 2.3.0fixed 2.3.0

    Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.

  • CVE-2021-28567MedSep 8, 2021
    affected < 2.4.3fixed 2.4.3

    Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Improper Authorization vulnerability in the customers module. Successful exploitation could allow a low-privileged user to modify customer data. Access to the admin consol

  • CVE-2021-28566LowSep 8, 2021
    affected < 2.4.3fixed 2.4.3

    Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Information Disclosure vulnerability when uploading a modified png file to a product image. Successful exploitation could lead to the disclosure of document root path by a

  • CVE-2021-28585MedJun 28, 2021
    affected < 2.3.6fixed 2.3.6

    Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by an Improper input validation vulnerability in the New customer WebAPI.Successful exploitation could allow an attacker to send unsolicited spam e-mails.

Page 2 of 5