Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-6pxh-2557-5cj5

GitHub Security Advisory

Magento Open Source Path Traversal vulnerability

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

Magento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed.

Affected Packages

Packagist magento/community-edition
Affected versions: 2.4.7-p1 (fixed in 2.4.7-p2)
Packagist magento/community-edition
Packagist magento/community-edition
Affected versions: 2.4.6-p1 (fixed in 2.4.6-p7)
Packagist magento/community-edition
Packagist magento/community-edition
Affected versions: 2.4.5-p1 (fixed in 2.4.5-p9)
Packagist magento/community-edition
Packagist magento/community-edition
Affected versions: 0 (fixed in 2.4.4-p10)
Packagist magento/community-edition

Related CVEs

CVE-2024-39406

Key Information

GHSA ID
GHSA-6pxh-2557-5cj5
Published
August 14, 2024 12:35 PM
Last Modified
September 16, 2024 6:26 PM
CVSS Score
5.0 /10
Primary Ecosystem
Packagist
Primary Package
magento/community-edition
GitHub Reviewed
✓ Yes

Dataset

Last updated: August 1, 2025 6:44 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.