Skip to content

Commit c7c41ab

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-52fg-wjxm-pp44 GHSA-7r99-8wqp-h7pc GHSA-52fg-wjxm-pp44 GHSA-7r99-8wqp-h7pc
1 parent 9039cc2 commit c7c41ab

File tree

4 files changed

+346
-72
lines changed

4 files changed

+346
-72
lines changed

advisories/github-reviewed/2024/08/GHSA-52fg-wjxm-pp44/GHSA-52fg-wjxm-pp44.json

Lines changed: 173 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,173 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-52fg-wjxm-pp44",
4+
"modified": "2025-11-06T17:21:44Z",
5+
"published": "2024-08-14T12:35:01Z",
6+
"aliases": [
7+
"CVE-2024-39400"
8+
],
9+
"summary": "Magento DOM-based Cross-Site Scripting (XSS) vulnerability",
10+
"details": "Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link. Confidentiality and integrity impact is high as it affects other admin accounts.",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "Packagist",
21+
"name": "magento/project-community-edition"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"last_affected": "2.0.2"
32+
}
33+
]
34+
}
35+
]
36+
},
37+
{
38+
"package": {
39+
"ecosystem": "Packagist",
40+
"name": "magento/community-edition"
41+
},
42+
"ranges": [
43+
{
44+
"type": "ECOSYSTEM",
45+
"events": [
46+
{
47+
"introduced": "2.4.7-beta1"
48+
},
49+
{
50+
"fixed": "2.4.7-p2"
51+
}
52+
]
53+
}
54+
]
55+
},
56+
{
57+
"package": {
58+
"ecosystem": "Packagist",
59+
"name": "magento/community-edition"
60+
},
61+
"ranges": [
62+
{
63+
"type": "ECOSYSTEM",
64+
"events": [
65+
{
66+
"introduced": "2.4.6-p1"
67+
},
68+
{
69+
"fixed": "2.4.6-p7"
70+
}
71+
]
72+
}
73+
]
74+
},
75+
{
76+
"package": {
77+
"ecosystem": "Packagist",
78+
"name": "magento/community-edition"
79+
},
80+
"ranges": [
81+
{
82+
"type": "ECOSYSTEM",
83+
"events": [
84+
{
85+
"introduced": "2.4.5-p1"
86+
},
87+
{
88+
"fixed": "2.4.5-p9"
89+
}
90+
]
91+
}
92+
]
93+
},
94+
{
95+
"package": {
96+
"ecosystem": "Packagist",
97+
"name": "magento/community-edition"
98+
},
99+
"ranges": [
100+
{
101+
"type": "ECOSYSTEM",
102+
"events": [
103+
{
104+
"introduced": "2.4.4-p1"
105+
},
106+
{
107+
"fixed": "2.4.4-p10"
108+
}
109+
]
110+
}
111+
]
112+
},
113+
{
114+
"package": {
115+
"ecosystem": "Packagist",
116+
"name": "magento/community-edition"
117+
},
118+
"versions": [
119+
"2.4.7"
120+
]
121+
},
122+
{
123+
"package": {
124+
"ecosystem": "Packagist",
125+
"name": "magento/community-edition"
126+
},
127+
"versions": [
128+
"2.4.6"
129+
]
130+
},
131+
{
132+
"package": {
133+
"ecosystem": "Packagist",
134+
"name": "magento/community-edition"
135+
},
136+
"versions": [
137+
"2.4.5"
138+
]
139+
},
140+
{
141+
"package": {
142+
"ecosystem": "Packagist",
143+
"name": "magento/community-edition"
144+
},
145+
"versions": [
146+
"2.4.4"
147+
]
148+
}
149+
],
150+
"references": [
151+
{
152+
"type": "ADVISORY",
153+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39400"
154+
},
155+
{
156+
"type": "PACKAGE",
157+
"url": "https://github.com/magento/magento2"
158+
},
159+
{
160+
"type": "WEB",
161+
"url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
162+
}
163+
],
164+
"database_specific": {
165+
"cwe_ids": [
166+
"CWE-79"
167+
],
168+
"severity": "HIGH",
169+
"github_reviewed": true,
170+
"github_reviewed_at": "2025-11-06T17:21:44Z",
171+
"nvd_published_at": "2024-08-14T12:15:24Z"
172+
}
173+
}

advisories/github-reviewed/2024/08/GHSA-7r99-8wqp-h7pc/GHSA-7r99-8wqp-h7pc.json

Lines changed: 173 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,173 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-7r99-8wqp-h7pc",
4+
"modified": "2025-11-06T17:21:29Z",
5+
"published": "2024-08-14T12:35:01Z",
6+
"aliases": [
7+
"CVE-2024-39399"
8+
],
9+
"summary": "Magento Path Traversal vulnerability",
10+
"details": "Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. A low-privileged attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed.",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "Packagist",
21+
"name": "magento/project-community-edition"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"last_affected": "2.0.2"
32+
}
33+
]
34+
}
35+
]
36+
},
37+
{
38+
"package": {
39+
"ecosystem": "Packagist",
40+
"name": "magento/community-edition"
41+
},
42+
"ranges": [
43+
{
44+
"type": "ECOSYSTEM",
45+
"events": [
46+
{
47+
"introduced": "2.4.7-beta1"
48+
},
49+
{
50+
"fixed": "2.4.7-p2"
51+
}
52+
]
53+
}
54+
]
55+
},
56+
{
57+
"package": {
58+
"ecosystem": "Packagist",
59+
"name": "magento/community-edition"
60+
},
61+
"ranges": [
62+
{
63+
"type": "ECOSYSTEM",
64+
"events": [
65+
{
66+
"introduced": "2.4.6-p1"
67+
},
68+
{
69+
"fixed": "2.4.6-p7"
70+
}
71+
]
72+
}
73+
]
74+
},
75+
{
76+
"package": {
77+
"ecosystem": "Packagist",
78+
"name": "magento/community-edition"
79+
},
80+
"ranges": [
81+
{
82+
"type": "ECOSYSTEM",
83+
"events": [
84+
{
85+
"introduced": "2.4.5-p1"
86+
},
87+
{
88+
"fixed": "2.4.5-p9"
89+
}
90+
]
91+
}
92+
]
93+
},
94+
{
95+
"package": {
96+
"ecosystem": "Packagist",
97+
"name": "magento/community-edition"
98+
},
99+
"ranges": [
100+
{
101+
"type": "ECOSYSTEM",
102+
"events": [
103+
{
104+
"introduced": "2.4.4-p1"
105+
},
106+
{
107+
"fixed": "2.4.4-p10"
108+
}
109+
]
110+
}
111+
]
112+
},
113+
{
114+
"package": {
115+
"ecosystem": "Packagist",
116+
"name": "magento/community-edition"
117+
},
118+
"versions": [
119+
"2.4.7"
120+
]
121+
},
122+
{
123+
"package": {
124+
"ecosystem": "Packagist",
125+
"name": "magento/community-edition"
126+
},
127+
"versions": [
128+
"2.4.6"
129+
]
130+
},
131+
{
132+
"package": {
133+
"ecosystem": "Packagist",
134+
"name": "magento/community-edition"
135+
},
136+
"versions": [
137+
"2.4.5"
138+
]
139+
},
140+
{
141+
"package": {
142+
"ecosystem": "Packagist",
143+
"name": "magento/community-edition"
144+
},
145+
"versions": [
146+
"2.4.4"
147+
]
148+
}
149+
],
150+
"references": [
151+
{
152+
"type": "ADVISORY",
153+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39399"
154+
},
155+
{
156+
"type": "PACKAGE",
157+
"url": "https://github.com/magento/magento2"
158+
},
159+
{
160+
"type": "WEB",
161+
"url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
162+
}
163+
],
164+
"database_specific": {
165+
"cwe_ids": [
166+
"CWE-22"
167+
],
168+
"severity": "HIGH",
169+
"github_reviewed": true,
170+
"github_reviewed_at": "2025-11-06T17:21:29Z",
171+
"nvd_published_at": "2024-08-14T12:15:24Z"
172+
}
173+
}

advisories/unreviewed/2024/08/GHSA-52fg-wjxm-pp44/GHSA-52fg-wjxm-pp44.json

Lines changed: 0 additions & 36 deletions
This file was deleted.

0 commit comments

Comments
 (0)