VYPR

Bitnami package

magento

pkg:bitnami/magento

Vulnerabilities (96)

  • CVE-2020-9585CriJun 26, 2020
    affected >= 2.2.0, < 2.2.12fixed 2.2.12

    Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2020-9584MedJun 26, 2020
    affected >= 2.2.0, < 2.2.12fixed 2.2.12

    Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2020-9583CriJun 26, 2020
    affected >= 2.2.0, < 2.2.12fixed 2.2.12

    Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2020-9582CriJun 26, 2020
    affected >= 2.2.0, < 2.2.12fixed 2.2.12

    Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2020-9581MedJun 26, 2020
    affected >= 2.2.0, < 2.2.12fixed 2.2.12

    Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2020-9580CriJun 26, 2020
    affected >= 2.2.0, < 2.2.12fixed 2.2.12

    Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2020-9579CriJun 26, 2020
    affected >= 2.2.0, < 2.2.12fixed 2.2.12

    Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2020-9578CriJun 26, 2020
    affected >= 2.2.0, < 2.2.12fixed 2.2.12

    Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2020-9577MedJun 26, 2020
    affected >= 2.2.0, < 2.2.12fixed 2.2.12

    Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure .

  • CVE-2020-9576CriJun 26, 2020
    affected >= 2.2.0, < 2.2.12fixed 2.2.12

    Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2020-3758MedJan 29, 2020
    affected >= 2.2.0, < 2.2.11fixed 2.2.11

    Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2020-3719HigJan 29, 2020
    affected >= 2.2.0, < 2.2.11fixed 2.2.11

    Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have an sql injection vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2020-3718CriJan 29, 2020
    affected >= 2.2.0, < 2.2.11fixed 2.2.11

    Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2020-3717MedJan 29, 2020
    affected >= 2.2.0, < 2.2.11fixed 2.2.11

    Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a path traversal vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2020-3716CriJan 29, 2020
    affected >= 2.2.0, < 2.2.11fixed 2.2.11

    Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2020-3715MedJan 29, 2020
    affected >= 2.2.0, < 2.2.11fixed 2.2.11

    Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

Page 5 of 5