-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| magento/community-edition | composer | >= 2.3.0, < 2.3.4-p2 | 2.3.4-p2 |
| magento/community-edition | composer | < 2.2.12 | 2.2.12 |
| magento/core | composer | < 1.9.4.5 | 1.9.4.5 |
| magento/project-community-edition | composer | <= 2.0.2 |
Miggo AIRoot Cause AnalysisThe analysis focused on identifying functions that were modified in the security patches, particularly those related to input processing, session handling, and security controls. The changes in AccountManagement and the introduction of SessionCleaner suggest a focus on securing customer session handling. Modifications in other areas, such as mediaDirective, indicate fixes for potential path traversal or URL manipulation vulnerabilities.
PHPPHPOngoing coverage of React2Shell