Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-8jxc-5f94-22vh

GitHub Security Advisory

Magento Open Source allows Server-Side Request Forgery (SSRF)

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction, scope is changed due to the fact that an attacker can enforce file read outside the application's path boundary.

Affected Packages

Packagist magento/community-edition
Affected versions: 2.4.7-beta1 (fixed in 2.4.7-beta2)
Packagist magento/community-edition
Packagist magento/community-edition
Packagist magento/community-edition
Packagist magento/community-edition
Packagist magento/community-edition
Affected versions: 2.4.6-p1 (fixed in 2.4.6-p3)
Packagist magento/community-edition
Affected versions: 2.4.5-p1 (fixed in 2.4.5-p5)
Packagist magento/community-edition
Affected versions: 2.4.4-p1 (fixed in 2.4.4-p6)
Packagist magento/project-community-edition
Affected versions: 0 (last affected: 2.0.2)

Related CVEs

CVE-2023-26366

Key Information

GHSA ID
GHSA-8jxc-5f94-22vh
Published
October 13, 2023 9:30 AM
Last Modified
March 4, 2025 6:20 PM
CVSS Score
5.0 /10
Primary Ecosystem
Packagist
Primary Package
magento/community-edition
GitHub Reviewed
✓ Yes

Dataset

Last updated: August 1, 2025 6:44 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.