5.3

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-38251

CVE-2023-38251: Magento Open Source allows Uncontrolled Resource Consumption

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Uncontrolled Resource Consumption vulnerability that could lead into a minor application denial-of-service. Exploitation of this issue does not require user interaction.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2023-38251

CVE-2023-38251:

5.3

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
magento/community-edition	composer	= 2.4.7-beta1	2.4.7-beta2
magento/community-edition	composer	= 2.4.7
magento/community-edition	composer	= 2.4.6
magento/community-edition	composer	= 2.4.5
magento/community-edition	composer	= 2.4.4
magento/community-edition	composer	>= 2.4.6-p1, < 2.4.6-p3	2.4.6-p3
magento/community-edition	composer	>= 2.4.5-p1, < 2.4.5-p5	2.4.5-p5
magento/community-edition	composer	>= 2.4.4-p1, < 2.4.4-p6	2.4.4-p6
magento/project-community-edition	composer	<= 2.0.2

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The provided vulnerability information does not include specific technical details about the implementation flaw, commit diffs, or patch details required to identify exact vulnerable functions. While the CWE-400 indicates a resource consumption issue, the advisory and NVD description only mention the impact and affected versions without revealing code context. Without access to the actual code changes between vulnerable and patched versions (e.g., GitHub commits), it's impossible to determine which specific functions lack proper resource control mechanisms (e.g., rate limiting, input validation, or loop safeguards) with high confidence. The vulnerability likely resides in a request processing component, but insufficient evidence exists to pinpoint exact functions.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

5.3

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-38251: Magento Open Source allows Uncontrolled Resource Consumption

CVE-2023-38251:

5.3

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2023-38251: Magento Open Source allows Uncontrolled Resource Consumption

Basic Information

Basic Information

5.3

5.3

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI