CVE-2024-20758 – magento/community-edition

Package

Manager: composer
Name: magento/community-edition
Vulnerable Version: =2.4.6 || =2.4.5 || =2.4.4 || >=2.4.7-beta1 <2.4.7 || >=2.4.6-p1 <2.4.6-p5 || >=2.4.5-p1 <2.4.5-p7 || >=2.4.4-p1 <2.4.4-p8

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U

EPSS: 0.01208 pctl0.78199

Details

Magento Open Source allows Improper Input Validation Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but the attack complexity is high.

Metadata

Created: 2024-04-10T15:30:40Z
Modified: 2025-03-04T18:54:10Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-wh4m-6rh3-p4rq/GHSA-wh4m-6rh3-p4rq.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-wh4m-6rh3-p4rq
Finding: F184
Auto approve: 1