magento/project-community-edition
Packagist · 127 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting magento/project-community-edition (page 2 of 3)
- CVE-2021-36031 | HIGH | CVSS 7.2 | EG 7.2 | 2021-09-01
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a Path Traversal vulnerability via the `theme[preview_image]` parameter. An attacker with admin privileges could leverage this vu…
- CVE-2021-36032 | HIGH | CVSS 8.3 | EG 8.3 | 2021-09-01
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/…
- CVE-2021-36033 | CRITICAL | CVSS 9.1 | EG 9.1 | 2021-09-01
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module. An attacker with admin privileges can trigger a specially crafted script to…
- CVE-2021-36034 | CRITICAL | CVSS 9.1 | EG 9.1 | 2021-09-01
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges can upload a specially crafted file to achieve remo…
- CVE-2021-36036 | HIGH | CVSS 7.2 | EG 7.2 | 2023-09-06
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper access control vulnerability within Magento's Media Gallery Upload workflow. By storing a specially crafted file in the websit…
- CVE-2021-36037 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-09-01
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper authorization vulnerability. An authenticated attacker could leverage this vulnerability to achieve sensitiv…
- CVE-2021-36038 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-09-01
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the Multishipping Module. An authenticated attacker could leverage this vulnerabili…
- CVE-2021-36039 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-09-01
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability via the `quoteId` parameter. An attacker can abuse this vulnerability to disclose sens…
- CVE-2021-36040 | CRITICAL | CVSS 9.1 | EG 9.1 | 2021-09-01
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges can upload a specially crafted file to bypass file …
- CVE-2021-36041 | CRITICAL | CVSS 9.1 | EG 9.1 | 2021-09-01
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges could upload a specially crafted file in the 'pub/m…
- CVE-2021-36042 | CRITICAL | CVSS 9.1 | EG 9.1 | 2021-09-01
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the API File Option Upload Extension. An attacker with Admin privileges can achieve…
- CVE-2021-36043 | HIGH | CVSS 8.0 | EG 8.0 | 2021-09-01
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a blind SSRF vulnerability in the bundled dotmailer extension. An attacker with admin privileges could abuse this to achieve remo…
- CVE-2021-36044 | HIGH | CVSS 7.5 | EG 7.5 | 2021-09-01
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An unauthenticated attacker could abuse this vulnerability to cause a server-side den…
- CVE-2021-39864 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-10-15
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and earlier) and 2.3.7p1 (and earlier) are affected by a cross-site request forgery (CSRF) vulnerability via a Wishlist Share Link. Successful exploitation could lead to unauthorized a…
- CVE-2022-24093 | CRITICAL | CVSS 9.1 | EG 9.1 | 2023-09-12
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication ar…
- CVE-2022-35689 | MEDIUM | CVSS 5.3 | EG 5.3 | 2022-10-14
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the ava…
- CVE-2022-35692 | MEDIUM | CVSS 5.3 | EG 5.3 | 2022-08-19
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnera…
- CVE-2022-35698 | CRITICAL | CVSS 10.0 | EG 10.0 | 2022-10-14
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored Cross-site Scripting vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbi…
- CVE-2023-22247 | HIGH | CVSS 7.5 | EG 7.5 | 2023-03-27
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An unauthenticated attacker can force the application to make arbitrary…
- CVE-2023-22248 | HIGH | CVSS 7.5 | EG 7.5 | 2023-06-15
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnera…
- CVE-2023-22250 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-03-27
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the …
- CVE-2023-22251 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-03-27
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Incorrect Authorization vulnerability. A low-privileged authenticated attacker could leverage this vulnerability to achieve minor information disc…
- CVE-2023-26366 | MEDIUM | CVSS 6.8 | EG 6.8 | 2023-10-13
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. …
- CVE-2023-26367 | MEDIUM | CVSS 4.9 | EG 4.9 | 2023-10-13
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an adm…
- CVE-2023-29287 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-06-15
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Information Exposure vulnerability that could lead to a security feature bypass. An attacker could leverage this vulnerabilit…
- CVE-2023-29288 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-06-15
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage th…
- CVE-2023-29289 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-06-15
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability. An attacker with low privileges can trigger a specially crafted script to a security feature byp…
- CVE-2023-29290 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-06-15
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnera…
- CVE-2023-29291 | MEDIUM | CVSS 4.9 | EG 4.9 | 2023-06-15
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticat…
- CVE-2023-29292 | MEDIUM | CVSS 4.9 | EG 4.9 | 2023-06-15
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticat…
- CVE-2023-29293 | LOW | CVSS 2.7 | EG 2.7 | 2023-06-15
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An admin privileged attacker could le…
- CVE-2023-29294 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-06-15
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage t…
- CVE-2023-29295 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-06-15
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverag…
- CVE-2023-29296 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-06-15
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverag…
- CVE-2023-29297 | CRITICAL | CVSS 9.1 | EG 9.1 | 2023-06-15
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code executio…
- CVE-2023-38207 | HIGH | CVSS 7.5 | EG 7.5 | 2023-08-09
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an XML Injection (aka Blind XPath Injection) vulnerability that could lead to minor arbitrary file system read. Exploitation o…
- CVE-2023-38208 | CRITICAL | CVSS 9.1 | EG 9.1 | 2023-08-09
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead t…
- CVE-2023-38209 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-08-09
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass. A low-privileged attacker could levera…
- CVE-2023-38218 | HIGH | CVSS 8.8 | EG 8.8 | 2023-10-13
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Incorrect Authorization vulnerability. An authenticated attacker can exploit this to achieve information exp…
- CVE-2023-38219 | HIGH | CVSS 8.7 | EG 8.7 | 2023-10-13
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacke…
- CVE-2023-38220 | HIGH | CVSS 7.5 | EG 7.5 | 2023-10-13
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Authorization vulnerability that could lead to a security feature bypass in a way that…
- CVE-2023-38221 | HIGH | CVSS 8.0 | EG 8.0 | 2023-10-13
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerabil…
- CVE-2023-38249 | HIGH | CVSS 8.0 | EG 8.0 | 2023-10-13
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerabil…
- CVE-2023-38250 | HIGH | CVSS 8.0 | EG 8.0 | 2023-10-13
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerabil…
- CVE-2023-38251 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-10-13
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Uncontrolled Resource Consumption vulnerability that could lead to minor application denial-of-s…
- CVE-2024-20716 | MEDIUM | CVSS 4.9 | EG 4.9 | 2024-02-15
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to an application denial-of-service. A high-privileged attacker could leverage this vulnera…
- CVE-2024-20718 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-02-15
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to trick a vic…
- CVE-2024-20719 | CRITICAL | CVSS 9.1 | EG 9.1 | 2024-02-15
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaS…
- CVE-2024-20720 | CRITICAL | CVSS 9.1 | EG 9.1 | 2024-02-15
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an …
- CVE-2024-20758 | CRITICAL | CVSS 9.0 | EG 9.0 | 2024-04-10
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution on the underlying filesystem. Exploitation of this issue…