-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability pattern suggests missing CSRF protections in state-changing endpoints. While exact patch details are unavailable, analysis focuses on: 1) Common user interaction points mentioned in advisories 2) Magento's typical CSRF protection patterns using @Csrf annotations 3) Controller actions handling minor data modifications matching 'unauthorized actions' description 4) Historical CSRF issues in customer-facing endpoints. Confidence is medium due to indirect evidence but strong correlation with Magento's security patterns.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| magento/community-edition | composer | >= 2.4.7-p1, < 2.4.7-p2 | 2.4.7-p2 |
| magento/community-edition | composer | = 2.4.7 | |
| magento/community-edition | composer | >= 2.4.6-p1, < 2.4.6-p7 | 2.4.6-p7 |
| magento/community-edition | composer | = 2.4.6 | |
| magento/community-edition | composer | >= 2.4.5-p1, < 2.4.5-p9 | 2.4.5-p9 |
| magento/community-edition | composer | = 2.4.5 | |
| magento/community-edition | composer | < 2.4.4-p10 | 2.4.4-p10 |
| magento/community-edition | composer | = 2.4.4 |
PHPPHPOngoing coverage of React2Shell