GHSA-rpc7-gf58-v3x2
GitHub Security Advisory
Magento Open Source allows Incorrect Authorization
✓ GitHub Reviewed
MODERATE
Has CVE
Advisory Details
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation.
Affected Packages
Packagist
magento/community-edition
Affected versions:
2.4.7-beta1
(fixed in 2.4.7-beta2)
Packagist
magento/community-edition
Packagist
magento/community-edition
Packagist
magento/community-edition
Packagist
magento/community-edition
Affected versions:
2.4.6-p1
(fixed in 2.4.6-p3)
Packagist
magento/community-edition
Affected versions:
2.4.5-p1
(fixed in 2.4.5-p5)
Packagist
magento/community-edition
Affected versions:
2.4.4-p1
(fixed in 2.4.4-p6)
Packagist
magento/project-community-edition
Affected versions:
0
(last affected: 2.0.2)
Related CVEs
Key Information
5.0
/10
Dataset
Last updated: July 31, 2025 6:36 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.