Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-7r99-8wqp-h7pc

GitHub Security Advisory

Magento Path Traversal vulnerability

✓ GitHub Reviewed HIGH Has CVE
View on GitHub

Advisory Details

Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. A low-privileged attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed.

Affected Packages

Packagist magento/project-community-edition
Affected versions: 0 (last affected: 2.0.2)
Packagist magento/community-edition
Affected versions: 2.4.7-beta1 (fixed in 2.4.7-p2)
Packagist magento/community-edition
Affected versions: 2.4.6-p1 (fixed in 2.4.6-p7)
Packagist magento/community-edition
Affected versions: 2.4.5-p1 (fixed in 2.4.5-p9)
Packagist magento/community-edition
Affected versions: 2.4.4-p1 (fixed in 2.4.4-p10)
Packagist magento/community-edition
Packagist magento/community-edition
Packagist magento/community-edition
Packagist magento/community-edition

Related CVEs

CVE-2024-39399

Key Information

GHSA ID
GHSA-7r99-8wqp-h7pc
Published
August 14, 2024 12:35 PM
Last Modified
November 6, 2025 5:21 PM
CVSS Score
7.5 /10
Primary Ecosystem
Packagist
Primary Package
magento/project-community-edition
GitHub Reviewed
✓ Yes

Dataset

Last updated: November 26, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.