Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-3fr3-gcqh-3m2g

GitHub Security Advisory

Magento Open Source Improper Input Validation vulnerability

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended directories via PHP filter chain and also can have a low-availability impact on the service. Exploitation of this issue does not require user interaction and scope is changed.

Affected Packages

Packagist magento/community-edition
Affected versions: 2.4.7-beta1 (fixed in 2.4.7-p3)
Packagist magento/community-edition
Affected versions: 2.4.6-p1 (fixed in 2.4.6-p8)
Packagist magento/community-edition
Affected versions: 2.4.5-p1 (fixed in 2.4.5-p10)
Packagist magento/community-edition
Affected versions: 0 (fixed in 2.4.4-p11)
Packagist magento/community-edition
Packagist magento/community-edition
Packagist magento/community-edition
Packagist magento/community-edition

Related CVEs

CVE-2024-45117

Key Information

GHSA ID
GHSA-3fr3-gcqh-3m2g
Published
October 10, 2024 12:31 PM
Last Modified
October 11, 2024 7:11 PM
CVSS Score
5.0 /10
Primary Ecosystem
Packagist
Primary Package
magento/community-edition
GitHub Reviewed
✓ Yes

Dataset

Last updated: August 1, 2025 6:44 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.