
Commit e5079b7

1 parent 5312e65 commit e5079b7


4 files changed

+346
-72
lines changed

Lines changed: 173 additions & 0 deletions
@@ -0,0 +1,173 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-2ff6-837j-hg5x",
4+
"modified": "2025-11-06T16:57:44Z",
5+
"published": "2024-08-14T12:35:01Z",
6+
"aliases": [
7+
"CVE-2024-39402"
8+
],
9+
"summary": "Magento OS Command ('OS Command Injection') vulnerability",
10+
"details": "Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed.",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "Packagist",
21+
"name": "magento/project-community-edition"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"last_affected": "2.0.2"
32+
}
33+
]
34+
}
35+
]
36+
},
37+
{
38+
"package": {
39+
"ecosystem": "Packagist",
40+
"name": "magento/community-edition"
41+
},
42+
"ranges": [
43+
{
44+
"type": "ECOSYSTEM",
45+
"events": [
46+
{
47+
"introduced": "2.4.7-beta1"
48+
},
49+
{
50+
"fixed": "2.4.7-p2"
51+
}
52+
]
53+
}
54+
]
55+
},
56+
{
57+
"package": {
58+
"ecosystem": "Packagist",
59+
"name": "magento/community-edition"
60+
},
61+
"ranges": [
62+
{
63+
"type": "ECOSYSTEM",
64+
"events": [
65+
{
66+
"introduced": "2.4.6-p1"
67+
},
68+
{
69+
"fixed": "2.4.6-p7"
70+
}
71+
]
72+
}
73+
]
74+
},
75+
{
76+
"package": {
77+
"ecosystem": "Packagist",
78+
"name": "magento/community-edition"
79+
},
80+
"ranges": [
81+
{
82+
"type": "ECOSYSTEM",
83+
"events": [
84+
{
85+
"introduced": "2.4.5-p1"
86+
},
87+
{
88+
"fixed": "2.4.5-p9"
89+
}
90+
]
91+
}
92+
]
93+
},
94+
{
95+
"package": {
96+
"ecosystem": "Packagist",
97+
"name": "magento/community-edition"
98+
},
99+
"ranges": [
100+
{
101+
"type": "ECOSYSTEM",
102+
"events": [
103+
{
104+
"introduced": "2.4.4-p1"
105+
},
106+
{
107+
"fixed": "2.4.4-p10"
108+
}
109+
]
110+
}
111+
]
112+
},
113+
{
114+
"package": {
115+
"ecosystem": "Packagist",
116+
"name": "magento/community-edition"
117+
},
118+
"versions": [
119+
"2.4.7"
120+
]
121+
},
122+
{
123+
"package": {
124+
"ecosystem": "Packagist",
125+
"name": "magento/community-edition"
126+
},
127+
"versions": [
128+
"2.4.6"
129+
]
130+
},
131+
{
132+
"package": {
133+
"ecosystem": "Packagist",
134+
"name": "magento/community-edition"
135+
},
136+
"versions": [
137+
"2.4.5"
138+
]
139+
},
140+
{
141+
"package": {
142+
"ecosystem": "Packagist",
143+
"name": "magento/community-edition"
144+
},
145+
"versions": [
146+
"2.4.4"
147+
]
148+
}
149+
],
150+
"references": [
151+
{
152+
"type": "ADVISORY",
153+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39402"
154+
},
155+
{
156+
"type": "PACKAGE",
157+
"url": "https://github.com/magento/magento2"
158+
},
159+
{
160+
"type": "WEB",
161+
"url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
162+
}
163+
],
164+
"database_specific": {
165+
"cwe_ids": [
166+
"CWE-78"
167+
],
168+
"severity": "HIGH",
169+
"github_reviewed": true,
170+
"github_reviewed_at": "2025-11-06T16:57:44Z",
171+
"nvd_published_at": "2024-08-14T12:15:25Z"
172+
}
173+
}
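Review bot: The `affected` list for `magento/community-edition` starts at 2.4.4 (a `versions` entry for `2.4.4` plus a range from `2.4.4-p1`), while `details` says "2.4.4-p9 and earlier", so a scanner matching on these ranges would presumably report a 2.4.3 or 2.3.x install as unaffected. If Adobe's APSB24-61 bulletin does cover the older lines, the 2.4.4 range could begin at `"introduced": "0"` with `"fixed": "2.4.4-p10"`; if the omission is deliberate because those lines are out of support, that is worth stating in `details`. The same gap is in GHSA-8frp-pxq2-3gpq. The separate `"versions": ["2.4.7"]` entry also looks redundant, since 2.4.7 appears to fall inside the `2.4.7-beta1` to `2.4.7-p2` range under Composer ordering.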
Lines changed: 173 additions & 0 deletions
@@ -0,0 +1,173 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-8frp-pxq2-3gpq",
4+
"modified": "2025-11-06T16:57:32Z",
5+
"published": "2024-08-14T12:35:01Z",
6+
"aliases": [
7+
"CVE-2024-39401"
8+
],
9+
"summary": "Magento OS Command ('OS Command Injection') vulnerability",
10+
"details": "Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed.",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "Packagist",
21+
"name": "magento/project-community-edition"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"last_affected": "2.0.2"
32+
}
33+
]
34+
}
35+
]
36+
},
37+
{
38+
"package": {
39+
"ecosystem": "Packagist",
40+
"name": "magento/community-edition"
41+
},
42+
"ranges": [
43+
{
44+
"type": "ECOSYSTEM",
45+
"events": [
46+
{
47+
"introduced": "2.4.7-beta1"
48+
},
49+
{
50+
"fixed": "2.4.7-p2"
51+
}
52+
]
53+
}
54+
]
55+
},
56+
{
57+
"package": {
58+
"ecosystem": "Packagist",
59+
"name": "magento/community-edition"
60+
},
61+
"ranges": [
62+
{
63+
"type": "ECOSYSTEM",
64+
"events": [
65+
{
66+
"introduced": "2.4.6-p1"
67+
},
68+
{
69+
"fixed": "2.4.6-p7"
70+
}
71+
]
72+
}
73+
]
74+
},
75+
{
76+
"package": {
77+
"ecosystem": "Packagist",
78+
"name": "magento/community-edition"
79+
},
80+
"ranges": [
81+
{
82+
"type": "ECOSYSTEM",
83+
"events": [
84+
{
85+
"introduced": "2.4.5-p1"
86+
},
87+
{
88+
"fixed": "2.4.5-p9"
89+
}
90+
]
91+
}
92+
]
93+
},
94+
{
95+
"package": {
96+
"ecosystem": "Packagist",
97+
"name": "magento/community-edition"
98+
},
99+
"ranges": [
100+
{
101+
"type": "ECOSYSTEM",
102+
"events": [
103+
{
104+
"introduced": "2.4.4-p1"
105+
},
106+
{
107+
"fixed": "2.4.4-p10"
108+
}
109+
]
110+
}
111+
]
112+
},
113+
{
114+
"package": {
115+
"ecosystem": "Packagist",
116+
"name": "magento/community-edition"
117+
},
118+
"versions": [
119+
"2.4.7"
120+
]
121+
},
122+
{
123+
"package": {
124+
"ecosystem": "Packagist",
125+
"name": "magento/community-edition"
126+
},
127+
"versions": [
128+
"2.4.6"
129+
]
130+
},
131+
{
132+
"package": {
133+
"ecosystem": "Packagist",
134+
"name": "magento/community-edition"
135+
},
136+
"versions": [
137+
"2.4.5"
138+
]
139+
},
140+
{
141+
"package": {
142+
"ecosystem": "Packagist",
143+
"name": "magento/community-edition"
144+
},
145+
"versions": [
146+
"2.4.4"
147+
]
148+
}
149+
],
150+
"references": [
151+
{
152+
"type": "ADVISORY",
153+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39401"
154+
},
155+
{
156+
"type": "PACKAGE",
157+
"url": "https://github.com/magento/magento2"
158+
},
159+
{
160+
"type": "WEB",
161+
"url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
162+
}
163+
],
164+
"database_specific": {
165+
"cwe_ids": [
166+
"CWE-78"
167+
],
168+
"severity": "HIGH",
169+
"github_reviewed": true,
170+
"github_reviewed_at": "2025-11-06T16:57:32Z",
171+
"nvd_published_at": "2024-08-14T12:15:25Z"
172+
}
173+
}
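Review bot: The `details` string contains "could lead in arbitrary code execution", which should read `could lead to arbitrary code execution`; the same sentence is in GHSA-2ff6-837j-hg5x. The `summary` and `details` are also byte-identical across the two advisories, so only `aliases` (CVE-2024-39401 vs CVE-2024-39402) tells them apart in a triage queue. If the text is mirrored verbatim from NVD, keeping it may be intentional. In that case a short distinguishing phrase in `summary` would still help reviewers avoid closing one as a duplicate of the other.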

advisories/unreviewed/2024/08/GHSA-2ff6-837j-hg5x/GHSA-2ff6-837j-hg5x.json

Lines changed: 0 additions & 36 deletions
This file was deleted.
