4.9

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-45119

CVE-2024-45119: Magento Open Source Server-Side Request Forgery (SSRF) vulnerability

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2024-45119

CVE-2024-45119:

4.9

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
magento/community-edition	composer	>= 2.4.7-beta1, < 2.4.7-p3	2.4.7-p3
magento/community-edition	composer	>= 2.4.6-p1, < 2.4.6-p8	2.4.6-p8
magento/community-edition	composer	>= 2.4.5-p1, < 2.4.5-p10	2.4.5-p10
magento/community-edition	composer	< 2.4.4-p11	2.4.4-p11
magento/community-edition	composer	= 2.4.7
magento/community-edition	composer	= 2.4.6
magento/community-edition	composer	= 2.4.5
magento/community-edition	composer	= 2.4.4

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability requires admin privileges and involves URL injection. Common SSRF vectors in Magento include:

Product import functionality that fetches external images/resources
Admin configuration endpoints that process external URLs While no patch details are available, these components are known to handle URL inputs in admin contexts. The medium confidence reflects the lack of direct code evidence, but aligns with Magento's architecture and prior SSRF patterns.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

4.9

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2024-45119: Magento Open Source Server-Side Request Forgery (SSRF) vulnerability

CVE-2024-45119:

4.9

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

CVE-2024-45119: Magento Open Source Server-Side Request Forgery (SSRF) vulnerability

4.9

4.9

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI