-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| magento/community-edition | composer | >= 2.1, < 2.1.18 | 2.1.18 |
| magento/community-edition | composer | >= 2.2, < 2.2.9 | 2.2.9 |
| magento/community-edition | composer | >= 2.3, < 2.3.2 | 2.3.2 |
Miggo AIRoot Cause AnalysisThe vulnerability centers on unsafe carrier gateway URL handling leading to SSRF/RCE. The Dhl carrier implementation's request method _doRequest is the most direct attack vector based on Magento's architecture and historical patch context. The collectRates method in core shipping is included as a secondary indicator since it orchestrates carrier interactions. Both would appear in stack traces when processing malicious shipment settings.
A Semantic Attack on Google Gemini - Read the Latest Research