Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-hqgj-4396-hmxv

GitHub Security Advisory

Magento Open Source allows Cross-Site Request Forgery (CSRF)

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to trick a victim into performing actions they did not intend to do, which could be used to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction, typically in the form of the victim clicking a link or visiting a malicious website.

Affected Packages

Packagist magento/community-edition
Packagist magento/community-edition
Packagist magento/community-edition
Packagist magento/community-edition
Affected versions: 2.4.6-p1 (fixed in 2.4.6-p4)
Packagist magento/community-edition
Affected versions: 2.4.5-p1 (fixed in 2.4.5-p6)
Packagist magento/community-edition
Affected versions: 2.4.4-p1 (fixed in 2.4.4-p7)
Packagist magento/project-community-edition
Affected versions: 0 (last affected: 2.0.2)

Related CVEs

CVE-2024-20718

Key Information

GHSA ID
GHSA-hqgj-4396-hmxv
Published
February 15, 2024 3:30 PM
Last Modified
March 4, 2025 6:30 PM
CVSS Score
5.0 /10
Primary Ecosystem
Packagist
Primary Package
magento/community-edition
GitHub Reviewed
✓ Yes

Dataset

Last updated: August 1, 2025 6:44 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.