-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisTOCTOU vulnerabilities often occur in file handling workflows. Magento's file upload mechanisms (e.g., product image uploads) are prime candidates because they involve sequential check-and-use operations. The Uploader::save method and Gallery Upload controller are central to these processes. The medium confidence reflects the lack of direct patch details, but these components align with the described vulnerability pattern and Magento's architecture.
PHPPHP| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| magento/community-edition | composer | >= 2.4.7-beta1, < 2.4.7-p4 | 2.4.7-p4 |
| magento/community-edition | composer | >= 2.4.6-p1, < 2.4.6-p9 | 2.4.6-p9 |
| magento/community-edition | composer | >= 2.4.5-p1, < 2.4.5-p11 | 2.4.5-p11 |
| magento/community-edition | composer | < 2.4.4-p12 | 2.4.4-p12 |
| magento/community-edition | composer | = 2.4.7 | |
| magento/community-edition | composer | = 2.4.6 | |
| magento/community-edition | composer | = 2.4.5 | |
| magento/community-edition | composer | = 2.4.4 | |
| magento/community-edition | composer | = 2.4.8-beta1 | |
| magento/project-community-edition | composer | <= 2.0.2 |
Ongoing coverage of React2Shell