GHSA-7gpv-xrjr-f5h4

Source

https://github.com/advisories/GHSA-7gpv-xrjr-f5h4

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7gpv-xrjr-f5h4/GHSA-7gpv-xrjr-f5h4.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-7gpv-xrjr-f5h4

Aliases

Published

2022-05-24T19:06:24Z

Modified

2024-02-16T08:17:10.382514Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVSS Calculator

Summary

Magento Path Traversal vulnerability

Details

Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Path Traversal vulnerability when creating a store with child theme.Successful exploitation could lead to arbitrary file system write by an authenticated attacker. Access to the admin console is required for successful exploitation.

Database specific

{
    "nvd_published_at": "2021-06-28T14:15:00Z",
    "cwe_ids": [
        "CWE-22"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-11T19:48:31Z"
}

References

Affected packages

Packagist / magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.4.0

Fixed

2.4.2-p1

Affected versions

2.*

2.4.0

2.4.0-p1

2.4.1

2.4.1-p1

2.4.2

Packagist / magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.3.7

Affected versions

0.*

0.1.0-alpha89

0.1.0-alpha90

0.1.0-alpha91

0.1.0-alpha92

0.1.0-alpha93

0.1.0-alpha94

0.1.0-alpha95

0.1.0-alpha96

0.1.0-alpha97

0.1.0-alpha98

0.1.0-alpha99

0.1.0-alpha100

0.1.0-alpha101

0.1.0-alpha102

0.1.0-alpha103

0.1.0-alpha104

0.1.0-alpha105

0.1.0-alpha106

0.1.0-alpha107

0.1.0-alpha108

0.42.0-beta1

0.42.0-beta2

0.42.0-beta3

0.42.0-beta4

0.42.0-beta5

0.42.0-beta6

0.42.0-beta7

0.42.0-beta8

0.42.0-beta9

0.42.0-beta10

0.42.0-beta11

0.74.0-beta1

0.74.0-beta2

0.74.0-beta3

0.74.0-beta4

0.74.0-beta5

0.74.0-beta6

0.74.0-beta7

0.74.0-beta8

0.74.0-beta9

0.74.0-beta10

0.74.0-beta11

0.74.0-beta12

0.74.0-beta13

0.74.0-beta14

0.74.0-beta15

0.74.0-beta16

1.*

1.0.0-beta

1.0.0-beta2

1.0.0-beta3

1.0.0-beta4

1.0.0-beta5

1.0.0-beta6

2.*

2.0.0-rc

2.0.0-rc2

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

2.0.10

2.0.11

2.0.12

2.0.13

2.0.14

2.0.15

2.0.16

2.0.17

2.0.18

2.1.0-rc1

2.1.0-rc2

2.1.0-rc3

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.1.7

2.1.8

2.1.9

2.1.10

2.1.11

2.1.12

2.1.13

2.1.14

2.1.15

2.1.16

2.1.17

2.1.18

2.2.0

2.2.1

2.2.2

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

2.2.8

2.2.9

2.2.10

2.2.11

2.3.0

2.3.1

2.3.2

2.3.2-p2

2.3.3

2.3.3-p1

2.3.4

2.3.4-p2

2.3.5

2.3.5-p1

2.3.5-p2

2.3.6

2.3.6-p1