Описание
Magento Improper input validation vulnerability
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the V1/customers/me endpoint to achieve information exposure and privilege escalation.
Пакеты
magento/community-edition
< 2.3.7-p4
2.3.7-p4
magento/community-edition
>= 2.4.0, < 2.4.3-p3
2.4.3-p3
magento/community-edition
= 2.4.4
2.4.5
Связанные уязвимости
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Incorrect Authorization vulnerability. An authenticated attacker can exploit this vulnerability to achieve information exposure and privilege escalation.
Уязвимость программных платформ для разработки и управления онлайн магазинами Magento Open Source и Adobe Commerce, связанная с недостаточной проверкой входных данных, позволяющая нарушителю повысить свои привилегии