Количество 3
Количество 3
CVE-2023-26366
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction, scope is changed due to the fact that an attacker can enforce file read outside the application's path boundary.
GHSA-8jxc-5f94-22vh
Magento Open Source allows Server-Side Request Forgery (SSRF)
BDU:2023-06796
Уязвимость программных платформ для разработки и управления онлайн магазинами Magento Open Source и Adobe Commerce, связанная с недостаточной проверкой поступающих запросов, позволяющая нарушителю осуществить SSRF-атаку
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-26366 Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction, scope is changed due to the fact that an attacker can enforce file read outside the application's path boundary. | CVSS3: 6.8 | 0% Низкий | больше 2 лет назад |
| GHSA-8jxc-5f94-22vh Magento Open Source allows Server-Side Request Forgery (SSRF) | CVSS3: 6.8 | 0% Низкий | больше 2 лет назад |
 | BDU:2023-06796 Уязвимость программных платформ для разработки и управления онлайн магазинами Magento Open Source и Adobe Commerce, связанная с недостаточной проверкой поступающих запросов, позволяющая нарушителю осуществить SSRF-атаку | CVSS3: 6.8 | 0% Низкий | больше 2 лет назад |
Уязвимостей на страницу