GHSA-8frp-pxq2-3gpq

Source

https://github.com/advisories/GHSA-8frp-pxq2-3gpq

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-8frp-pxq2-3gpq/GHSA-8frp-pxq2-3gpq.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-8frp-pxq2-3gpq

Aliases

CVE-2024-39401

Published

2024-08-14T12:35:01Z

Modified

2025-11-06T17:27:41.808827Z

Severity

8.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H CVSS Calculator

Summary

Magento OS Command ('OS Command Injection') vulnerability

Details

Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed.

Database specific

{
    "nvd_published_at": "2024-08-14T12:15:25Z",
    "github_reviewed_at": "2025-11-06T16:57:32Z",
    "cwe_ids": [
        "CWE-78"
    ],
    "severity": "HIGH",
    "github_reviewed": true
}

References

Affected packages

Packagist

magento/project-community-edition

Package

Name: magento/project-community-edition
Purl: pkg:composer/magento/project-community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

2.0.2

Affected versions

0.*

0.1.0-alpha89

0.1.0-alpha90

0.1.0-alpha91

0.1.0-alpha92

0.1.0-alpha93

0.1.0-alpha94

0.1.0-alpha95

0.1.0-alpha96

0.1.0-alpha97

0.1.0-alpha98

0.1.0-alpha99

0.1.0-alpha100

0.1.0-alpha101

0.1.0-alpha102

0.1.0-alpha103

0.1.0-alpha104

0.1.0-alpha105

0.1.0-alpha106

0.1.0-alpha107

0.1.0-alpha108

0.42.0-beta1

0.42.0-beta2

0.42.0-beta3

0.42.0-beta4

0.42.0-beta5

0.42.0-beta6

0.42.0-beta7

0.42.0-beta8

0.42.0-beta9

0.42.0-beta10

0.42.0-beta11

0.74.0-beta1

0.74.0-beta2

0.74.0-beta3

0.74.0-beta4

0.74.0-beta5

0.74.0-beta6

0.74.0-beta7

0.74.0-beta8

0.74.0-beta9

0.74.0-beta10

0.74.0-beta11

0.74.0-beta12

0.74.0-beta13

0.74.0-beta14

0.74.0-beta15

0.74.0-beta16

1.*

1.0.0-beta

2.*

2.0.0-rc

2.0.0-rc2

2.0.0

2.0.1

2.0.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-8frp-pxq2-3gpq/GHSA-8frp-pxq2-3gpq.json"

magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.4.7-beta1

Fixed

2.4.7-p2

Affected versions

2.*

2.4.7-beta1

2.4.7-beta2

2.4.7-beta3

2.4.7

2.4.7-p1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-8frp-pxq2-3gpq/GHSA-8frp-pxq2-3gpq.json"

magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.4.6-p1

Fixed

2.4.6-p7

Affected versions

2.*

2.4.6-p1

2.4.6-p2

2.4.6-p3

2.4.6-p4

2.4.6-p5

2.4.6-p6

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-8frp-pxq2-3gpq/GHSA-8frp-pxq2-3gpq.json"

magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.4.5-p1

Fixed

2.4.5-p9

Affected versions

2.*

2.4.5-p1

2.4.5-p2

2.4.5-p3

2.4.5-p4

2.4.5-p5

2.4.5-p6

2.4.5-p7

2.4.5-p8

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-8frp-pxq2-3gpq/GHSA-8frp-pxq2-3gpq.json"

magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.4.4-p1

Fixed

2.4.4-p10

Affected versions

2.*

2.4.4-p1

2.4.4-p2

2.4.4-p3

2.4.4-p4

2.4.4-p5

2.4.4-p6

2.4.4-p7

2.4.4-p8

2.4.4-p9

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-8frp-pxq2-3gpq/GHSA-8frp-pxq2-3gpq.json"

magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Affected versions

2.*

2.4.7

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-8frp-pxq2-3gpq/GHSA-8frp-pxq2-3gpq.json"

magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Affected versions

2.*

2.4.6

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-8frp-pxq2-3gpq/GHSA-8frp-pxq2-3gpq.json"

magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Affected versions

2.*

2.4.5

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-8frp-pxq2-3gpq/GHSA-8frp-pxq2-3gpq.json"

magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Affected versions

2.*

2.4.4

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-8frp-pxq2-3gpq/GHSA-8frp-pxq2-3gpq.json"