magento/community-edition vulnerabilities

licenses detected
- (AFL-3.0 OR OSL-3.0)
  >=0

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the magento/community-edition package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS)	<2.4.4-p11 >=2.4.5-p1, <2.4.5-p10 >=2.4.6-p1, <2.4.6-p8 >=2.4.7-beta1, <2.4.7-p3
M Access Control Bypass	<2.4.4-p11 >=2.4.5-p1, <2.4.5-p10 >=2.4.6-p1, <2.4.6-p8 >=2.4.7-beta1, <2.4.7-p3
M Access Control Bypass	<2.4.4-p11 >=2.4.5-p1, <2.4.5-p10 >=2.4.6-p1, <2.4.6-p8 >=2.4.7-beta1, <2.4.7-p3
M Improper Input Validation	<2.4.4-p11 >=2.4.5-p1, <2.4.5-p10 >=2.4.6-p1, <2.4.6-p8 >=2.4.7-beta1, <2.4.7-p3
M Access Control Bypass	<2.4.4-p11 >=2.4.5-p1, <2.4.5-p10 >=2.4.6-p1, <2.4.6-p8 >=2.4.7-beta1, <2.4.7-p3
M Access Control Bypass	<2.4.4-p11 >=2.4.5-p1, <2.4.5-p10 >=2.4.6-p1, <2.4.6-p8 >=2.4.7-beta1, <2.4.7-p3
M Access Control Bypass	<2.4.4-p11 >=2.4.5-p1, <2.4.5-p10 >=2.4.6-p1, <2.4.6-p8 >=2.4.7-beta1, <2.4.7-p3
M Time-of-check Time-of-use (TOCTOU) Race Condition	<2.4.4-p11 >=2.4.5-p1, <2.4.5-p10 >=2.4.6-p1, <2.4.6-p8 >=2.4.7-beta1, <2.4.7-p3
M Improper Authorization	<2.4.4-p11 >=2.4.5-p1, <2.4.5-p10 >=2.4.6-p1, <2.4.6-p8 >=2.4.7-beta1, <2.4.7-p3
M Server-side Request Forgery (SSRF)	<2.4.4-p11 >=2.4.5-p1, <2.4.5-p10 >=2.4.6-p1, <2.4.6-p8 >=2.4.7-beta1, <2.4.7-p3
M Cross-site Scripting (XSS)	<2.4.4-p11 >=2.4.5-p1, <2.4.5-p10 >=2.4.6-p1, <2.4.6-p8 >=2.4.7-beta1, <2.4.7-p3
M Access Control Bypass	<2.4.4-p11 >=2.4.5-p1, <2.4.5-p10 >=2.4.6-p1, <2.4.6-p8 >=2.4.7-beta1, <2.4.7-p3
M Cross-site Scripting (XSS)	<2.4.4-p11 >=2.4.5-p1, <2.4.5-p10 >=2.4.6-p1, <2.4.6-p8 >=2.4.7-beta1, <2.4.7-p3
H Improper Authorization	<2.4.4-p11 >=2.4.5-p1, <2.4.5-p10 >=2.4.6-p1, <2.4.6-p8 >=2.4.7-beta1, <2.4.7-p3
M Improper Authorization	<2.4.4-p11 >=2.4.5-p1, <2.4.5-p10 >=2.4.6-p1, <2.4.6-p8 >=2.4.7-beta1, <2.4.7-p3
M Information Exposure	<2.4.4-p11 >=2.4.5-p1, <2.4.5-p10 >=2.4.6-p1, <2.4.6-p8 >=2.4.7-beta1, <2.4.7-p3
M Access Control Bypass	<2.4.4-p11 >=2.4.5-p1, <2.4.5-p10 >=2.4.6-p1, <2.4.6-p8 >=2.4.7-beta1, <2.4.7-p3
M Access Control Bypass	<2.4.4-p11 >=2.4.5-p1, <2.4.5-p10 >=2.4.6-p1, <2.4.6-p8 >=2.4.7-beta1, <2.4.7-p3
M Incorrect Authorization	<2.4.4-p11 >=2.4.5-p1, <2.4.5-p10 >=2.4.6-p1, <2.4.6-p8 >=2.4.7-beta1, <2.4.7-p3
M Access Control Bypass	<2.4.4-p11 >=2.4.5-p1, <2.4.5-p10 >=2.4.6-p1, <2.4.6-p8 >=2.4.7-beta1, <2.4.7-p3
M Cross-Site Request Forgery (CSRF)	<2.4.4-p10 >=2.4.5-p1, <2.4.5-p9 >=2.4.6-p1, <2.4.6-p7 >=2.4.7-p1, <2.4.7-p2
M Cross-Site Request Forgery (CSRF)	<2.4.4-p10 >=2.4.5-p1, <2.4.5-p9 >=2.4.6-p1, <2.4.6-p7 >=2.4.7-p1, <2.4.7-p2
M Improper Authorization	<2.4.4-p10 >=2.4.5-p1, <2.4.5-p9 >=2.4.6-p1, <2.4.6-p7 >=2.4.7-p1, <2.4.7-p2
M Cross-Site Request Forgery (CSRF)	<2.4.4-p10 >=2.4.5-p1, <2.4.5-p9 >=2.4.6-p1, <2.4.6-p7 >=2.4.7-p1, <2.4.7-p2
H Path Traversal	>=2.4.7-p1, <2.4.7-p2 >=2.4.6-p1, <2.4.6-p7 >=2.4.5-p1, <2.4.5-p9 <2.4.4-p10
M Cross-site Scripting (XSS)	<2.4.4-p9 >=2.4.5-p1, <2.4.5-p8 >=2.4.6-p1, <2.4.6-p6 >=2.4.7-beta1, <2.4.7-p1
M Incorrect Authorization	<2.4.4-p9 >=2.4.5-p1, <2.4.5-p8 >=2.4.6-p1, <2.4.6-p6 >=2.4.7-beta1, <2.4.7-p1
M Improper Access Control	<2.4.4-p9 >=2.4.5-p1, <2.4.5-p8 >=2.4.6-p1, <2.4.6-p6 >=2.4.7-beta1, <2.4.7-p1
H Improper Authorization	<2.4.4-p9 >=2.4.5-p1, <2.4.5-p8 >=2.4.6-p1, <2.4.6-p6 >=2.4.7-beta1, <2.4.7-p1
H Server-Side Request Forgery (SSRF)	<2.4.4-p9 >=2.4.5-p1, <2.4.5-p8 >=2.4.6-p1, <2.4.6-p6 >=2.4.7-beta1, <2.4.7-p1
C Improper Authentication	<2.4.4-p9 >=2.4.5-p1, <2.4.5-p8 >=2.4.6-p1, <2.4.6-p6 >=2.4.7-beta1, <2.4.7-p1
C XML External Entity (XXE) Injection	<2.4.4-p9 >=2.4.5, <2.4.5-p8 >=2.4.6, <2.4.6-p6 >=2.4.7, <2.4.7-p1
M Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	>=2.1, <2.1.15 >=2.2, <2.2.6
M Insecure Defaults	>=2.2.0, <2.2.10 >=2.3.0, <2.3.3
M Cross-site Scripting (XSS)	<2.4.4-p2 >=2.4.5, <2.4.5-p1
H Improper Input Validation	<2.3.7-p4 >=2.4.0, <2.4.3-p3 >=2.4.4, <2.4.4-p1
M Improper Access Control	<2.3.7-p4 >=2.4.0, <2.4.3-p3 >=2.4.4, <2.4.4-p1
L Cross-site Scripting (XSS)	<2.3.7-p4 >=2.4.0, <2.4.3-p3 >=2.4.4, <2.4.4-p1
M Cross-site Scripting (XSS)	<2.3.7-p4 >=2.4.0, <2.4.3-p3 >=2.4.4, <2.4.4-p1
L Improper Authorization	<2.3.7-p4 >=2.4.0, <2.4.3-p3 >=2.4.4, <2.4.4-p1
H Improper Authorization	<2.3.7-p4 >=2.4.0, <2.4.3-p3 >=2.4.4, <2.4.4-p1
C Improper Input Validation	<2.3.7-p3 >=2.4.3, <2.4.3-p2
M Improper Access Control	<2.4.4-p2 >=2.4.5, <2.4.5-p1
H Improper Input Validation	<2.3.7-p4 >=2.4.0, <2.4.3-p3 >=2.4.4, <2.4.4-p1
H Path Traversal	<2.3.7-p4 >=2.4.0, <2.4.3-p3 >=2.4.4, <2.4.4-p1
C XML Injection	<2.3.7-p4 >=2.4.0, <2.4.3-p3 >=2.4.4, <2.4.4-p1
C Improper Input Validation	>=0.0.0
H Improper Input Validation	>=2.3.3-p1, <2.3.7-p3 >=2.4.0, <2.4.3-p2
M Cross-site Request Forgery (CSRF)	<2.3.7-p2 >=2.4.0, <2.4.3-p1
M Security Bypass	>=2.4.0, <2.4.2-p2 <2.3.7-p1
C Arbitrary Code Execution	>=2.4.0, <2.4.2-p2 <2.3.7-p1
H Denial of Service (DoS)	>=2.4.0, <2.4.2-p2 <2.3.7-p1
C Improper Authorization	>=2.4.0, <2.4.2-p2 <2.3.7-p1
C Arbitrary Code Execution	>=2.4.0, <2.4.2-p2 <2.3.7-p1
M Improper Authorization	>=2.4.0, <2.4.2-p2 <2.3.7-p1
H Privilege Escalation	>=2.4.0, <2.4.2-p2 <2.3.7-p1
M Cross-site Scripting (XSS)	>=2.4.0, <2.4.2-p2 <2.3.7-p1
H XML Injection	>=2.4.0, <2.4.2-p2 <2.3.7-p1
M Improper Input Validation	>=2.4.0, <2.4.2-p2 <2.3.7-p1
M Server-side Request Forgery (SSRF)	>=2.4.0, <2.4.2-p2 <2.3.7-p1
M Improper Input Validation	>=2.4.0, <2.4.2-p2 <2.3.7-p1
C XML Injection	>=2.4.0, <2.4.2-p2 <2.3.7-p1
H Improper Input Validation	>=2.4.0, <2.4.2-p2 <2.3.7-p1
H Directory Traversal	>=2.4.0, <2.4.2-p2 <2.3.7-p1
H XML Injection	>=2.4.0, <2.4.2-p2 <2.3.7-p1
L Information Exposure	>=2.4.0, <2.4.2-p1 <2.3.7
M Improper Authorization	>=2.4.0, <2.4.2-p1 <2.3.7
M Improper Input Validation	>=2.4.0, <2.4.2-p1 <2.3.7
M Authorization Bypass	>=2.4.0, <2.4.2-p1 <2.3.7
M Improper Authorization	>=2.4.0, <2.4.2-p1 <2.3.7
M Cross-site Scripting (XSS)	>=2.4.0, <2.4.2-p1 <2.3.7
M Directory Traversal	>=2.4.0, <2.4.2-p1 <2.3.7
M Session Fixation	<2.3.6-p1 >=2.4.0, <2.4.2
M Cross-site Scripting (XSS)	<2.3.6-p1 >=2.4.0, <2.4.2
M Cross-site Scripting (XSS)	<2.3.6-p1 >=2.4.0, <2.4.2
H XML External Entity (XXE) Injection	<2.3.6-p1 >=2.4.0, <2.4.2
H Access Restriction Bypass	<2.3.6-p1 >=2.4.0, <2.4.2
H Access Restriction Bypass	<2.3.6-p1 >=2.4.0, <2.4.2
M Improper Access Control	<2.3.6-p1 >=2.4.0, <2.4.2
H Arbitrary File Upload	<2.3.6-p1 >=2.4.0, <2.4.2
H Cross-site Request Forgery (CSRF)	<2.3.6-p1 >=2.4.0, <2.4.2
M Access Restriction Bypass	<2.3.6-p1 >=2.4.0, <2.4.2
H Improper Input Validation	<2.3.6-p1 >=2.4.0, <2.4.2
L Improper Authorization	<2.3.6-p1 >=2.4.0, <2.4.2
M Cross-site Scripting (XSS)	<2.3.6-p1 >=2.4.0, <2.4.2
L SQL Injection	<2.3.6-p1 >=2.4.0, <2.4.2
H Access Restriction Bypass	<2.3.6-p1 >=2.4.0, <2.4.2
M Session Fixation	<2.3.6-p1 >=2.4.0, <2.4.2
M Insecure Direct Object Reference	>=2.1.0, <2.1.17 >=2.2.0, <2.2.8 >=2.3.0, <2.3.1
C Remote Code Execution (RCE)	>=2.3.0, <2.3.3
M Observable Timing Discrepancy	<2.3.5-p2
C Cross-site Scripting (XSS)	<2.3.5-p2
H Security Bypass	<2.3.5-p2
H Directory Traversal	<2.3.5-p2
H Cross-site Scripting (XSS)	<1.9.4.4
H SQL Injection	<1.9.4.4
H Arbitrary Code Execution	<1.9.4.4
H Directory Traversal	<1.9.4.4
H Cross-site Scripting (XSS)	<1.9.4.4
H Deserialization of Untrusted Data	<1.9.4.4
H Security Bypass	<1.9.4.5
H Security Bypass	<1.9.4.5
M Privilege Escalation	<1.9.4.4
H Authorization Bypass	>=2.3.5, <2.3.5-p1 <2.3.4-p2
M Command Injection	>=2.3.5, <2.3.5-p1 <2.3.4-p2
M Arbitrary Code Execution	>=2.3.5, <2.3.5-p1 <2.3.4-p2
H Cross-site Scripting (XSS)	>=2.3.5, <2.3.5-p1 <2.3.4-p2
H Command Injection	>=2.3.5, <2.3.5-p1 <2.3.4-p2
H Improper Authorization	>=2.3.5, <2.3.5-p1 <2.3.4-p2
H Command Injection	>=2.3.5, <2.3.5-p1 <2.3.4-p2
H Arbitrary Code Execution	>=2.3.5, <2.3.5-p1 <2.3.4-p2
H Command Injection	>=2.3.5, <2.3.5-p1 <2.3.4-p2
H Arbitrary Code Execution	<1.9.4.5
H Cross-site Scripting (XSS)	>=2.3.5, <2.3.5-p1 <2.3.4-p2
H Cross-site Scripting (XSS)	>=2.3.5, <2.3.5-p1 <2.3.4-p2
M Signature Validation Bypass	<1.9.4.5
C Arbitrary Code Execution	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
M Race Condition	>=2.3, <2.3.3
H SQL Injection	>=2.1, <2.1.19 >=2.2, <2.2.10 >=2.3, <2.3.2-p2
H SQL Injection	>=2.1, <2.1.19 >=2.2, <2.2.10 >=2.3, <2.3.2-p2
H SQL Injection	>=2.1, <2.1.19 >=2.2, <2.2.10 >=2.3, <2.3.2-p2
H SQL Injection	>=2.1, <2.1.19 >=2.2, <2.2.10 >=2.3, <2.3.2-p2
C Remote Code Execution (RCE)	>=2.1, <2.1.19 >=2.2, <2.2.10 >=2.3, <2.3.2-p2
C Remote Code Execution (RCE)	>=2.1, <2.1.19 >=2.2, <2.2.10 >=2.3, <2.3.2-p2
H Remote Code Execution (RCE)	>=2.1, <2.1.19 >=2.2, <2.2.10 >=2.3, <2.3.2-p2
H Remote Code Execution (RCE)	>=2.1, <2.1.19 >=2.2, <2.2.10 >=2.3, <2.3.2-p2
H Remote Code Execution (RCE)	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
M Remote Code Execution (RCE)	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
C Remote Code Execution (RCE)	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
M XML External Entity (XXE) Injection	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
M XML External Entity (XXE) Injection	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
M Security Bypass	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
M Unrestricted File Upload	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
H Information Exposure	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
H Improper Authentication	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
H Improper Authentication	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
M Improper Authorization	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
L Inadequate Encryption Strength	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
L Inadequate Encryption Strength	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
H Security Bypass	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
H Security Bypass	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
H Arbitrary File Deletion	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
H Arbitrary File Deletion	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
H Cross-site Scripting (XSS)	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
H Cross-site Scripting (XSS)	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
H Cross-site Scripting (XSS)	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
H Cross-site Scripting (XSS)	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
H Cross-site Scripting (XSS)	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
H Cross-site Scripting (XSS)	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
H Cross-site Scripting (XSS)	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
H Cross-site Scripting (XSS)	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
H Cross-site Scripting (XSS)	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
H Cross-site Scripting (XSS)	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
H Cross-site Scripting (XSS)	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
H Cross-site Scripting (XSS)	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
H Cross-site Scripting (XSS)	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
H Cross-site Scripting (XSS)	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
H Cross-site Scripting (XSS)	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
H Cross-site Scripting (XSS)	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
H Cross-site Scripting (XSS)	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
H Server-side Request Forgery (SSRF)	>=2.2, <2.2.10 >=2.3, <2.3.2-p2
C Remote Code Execution (RCE)	>=2.2.0, <2.2.10 >=2.3.0, <2.3.2-p2
C Remote Code Execution (RCE)	>=2.2.0, <2.2.10 >=2.3.0, <2.3.2-p2
C Remote Code Execution (RCE)	>=2.2.0, <2.2.10 >=2.3.0, <2.3.2-p2
C Remote Code Execution (RCE)	>=2.1.0, <2.1.19 >=2.2.0, <2.2.10 >=2.3.0, <2.3.2-p2
C Remote Code Execution (RCE)	>=2.2.0, <2.2.10 >=2.3.0, <2.3.2-p2
C Remote Code Execution (RCE)	>=2.2.0, <2.2.10 >=2.3.0, <2.3.2-p2
M Information Exposure	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
L Session Fixation	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
H Security Bypass (PHP script injection)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Resource Injection	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
H Information Exposure	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Security Bypass (IDOR)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Inadequate Encryption Strength	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Inadequate Encryption Strength	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
L Inadequate Encryption Strength	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
H Server-side Request Forgery (SSRF)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
H Server-side Request Forgery (SSRF)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Denial of Service (DoS)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
H Remote Code Execution	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
H Remote Code Execution	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
H Remote Code Execution	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Cross-site Request Forgery (CSRF)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Cross-site Request Forgery (CSRF)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Information Exposure	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Cross-site Scripting (XSS)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Cross-site Scripting (XSS)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Cross-site Scripting (XSS)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Cross-site Scripting (XSS)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Cross-site Scripting (XSS)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Cross-site Scripting (XSS)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Cross-site Scripting (XSS)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Cross-site Scripting (XSS)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Cross-site Scripting (XSS)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Cross-site Scripting (XSS)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Cross-site Scripting (XSS)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Cross-site Scripting (XSS)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Cross-site Scripting (XSS)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Cross-site Scripting (XSS)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
L Arbitrary File Upload	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Cross-site Request Forgery (CSRF)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
H Remote Code Execution	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
H Remote Code Execution	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
H Remote Code Execution	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Resource Injection	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
L Inadequate Encryption Strength	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M SQL Injection	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Improper Input Validation	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
H Privilege Escalation	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
H Arbitrary Code Execution	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Cross-site Scripting (XSS)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Cross-site Scripting (XSS)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Cross-site Scripting (XSS)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Cross-site Scripting (XSS)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
L Cross-site Request Forgery (CSRF)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Cross-site Scripting (XSS)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Cross-site Scripting (XSS)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
H Remote Code Execution (RCE)	>=2.1.0, <2.1.18 >=2.2.2, <2.2.9 >=2.3.0, <2.3.2
M Cross-site Scripting (XSS)	>=2.1.0, <2.1.18 >=2.2.2, <2.2.9 >=2.3.0, <2.3.2
M Information Exposure	>=2.1.0, <2.1.18 >=2.2.2, <2.2.9 >=2.3.0, <2.3.2
M Cross-site Scripting (XSS)	>=2.1.0, <2.1.18 >=2.2.2, <2.2.9 >=2.3.0, <2.3.2
M Cross-site Request Forgery (CSRF)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
H Improper Access Control	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Directory Traversal	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
C Cross-site Scripting (XSS)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Resource Injection	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Information Exposure	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Cross-site Scripting (XSS)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
H Unsafe File Upload	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Cross-site Scripting (XSS)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
H Information Exposure	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Information Exposure	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
H Denial of Service (DoS)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Cross-site Request Forgery (CSRF)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
H Server-side Request Forgery (SSRF)	>=2.1.0, <2.1.18 >=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Cross-site Scripting (XSS)	>=2.1.0, <2.1.18 >=2.2.2, <2.2.9 >=2.3.0, <2.3.2
M Cross-site Scripting (XSS)	>=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Cross-site Scripting (XSS)	>=2.2.0, <2.2.9 >=2.3.0, <2.3.2
M Script Injections	>=2.1, <2.1.17 >=2.2, <2.2.8 >=2.3, <2.3.1
M Information Exposure	>=2.1, <2.1.17 >=2.2, <2.2.8 >=2.3, <2.3.1
M Information Disclousure	>=2.1, <2.1.17 >=2.2, <2.2.8 >=2.3, <2.3.1
M Information Exposure	>=2.1, <2.1.17 >=2.2, <2.2.8 >=2.3, <2.3.1
M Information Exposure	>=2.1, <2.1.17 >=2.2, <2.2.8 >=2.3, <2.3.1
M Cross-site Request Forgery (CSRF)	>=2.1, <2.1.17 >=2.2, <2.2.8 >=2.3, <2.3.1
M Cross-site Scripting (XSS)	>=2.1, <2.1.17 >=2.2, <2.2.8 >=2.3, <2.3.1
M Cross-site Scripting (XSS)	>=2.1, <2.1.17 >=2.2, <2.2.8 >=2.3, <2.3.1
M Cross-site Scripting (XSS)	>=2.1, <2.1.17 >=2.2, <2.2.8 >=2.3, <2.3.1
M Cross-site Scripting (XSS)	>=2.1, <2.1.17 >=2.2, <2.2.8 >=2.3, <2.3.1
M Cross-site Scripting (XSS)	>=2.1, <2.1.17 >=2.2, <2.2.8 >=2.3, <2.3.1
M Cross-site Scripting (XSS)	>=2.1, <2.1.17 >=2.2, <2.2.8 >=2.3, <2.3.1
M Cross-site Scripting (XSS)	>=2.1, <2.1.17 >=2.2, <2.2.8 >=2.3, <2.3.1
M Cross-site Scripting (XSS)	>=2.1, <2.1.17 >=2.2, <2.2.8 >=2.3, <2.3.1
M Cross-site Scripting (XSS)	>=2.1, <2.1.17 >=2.2, <2.2.8 >=2.3, <2.3.1
M Cross-site Scripting (XSS)	>=2.1, <2.1.17 >=2.2, <2.2.8 >=2.3, <2.3.1
M Cross-site Request Forgery (CSRF)	>=2.1, <2.1.17 >=2.2, <2.2.8 >=2.3, <2.3.1
M Cross-site Scripting (XSS)	>=2.1, <2.1.17 >=2.2, <2.2.8 >=2.3, <2.3.1
L Cross-site Request Forgery (CSRF)	>=2.1, <2.1.17 >=2.2, <2.2.8 >=2.3, <2.3.1
M Cross-site Request Forgery (CSRF)	>=2.1, <2.1.17 >=2.2, <2.2.8 >=2.3, <2.3.1
M Cross-site Scripting (XSS)	>=2.1, <2.1.17 >=2.2, <2.2.8 >=2.3, <2.3.1
M Cross-site Scripting (XSS)	>=2.1, <2.1.17 >=2.2, <2.2.8 >=2.3, <2.3.1
M SQL Injection	>=2.1, <2.1.17 >=2.2, <2.2.8 >=2.3, <2.3.1
M Privilege Escalation	>=2.1, <2.1.17 >=2.2, <2.2.8 >=2.3, <2.3.1
M Authentication Bypass	>=2.1, <2.1.17 >=2.2, <2.2.8 >=2.3, <2.3.1
M Cross-site Scripting (XSS)	>=2.1, <2.1.17 >=2.2, <2.2.8 >=2.3, <2.3.1
M Cross-site Scripting (XSS)	>=2.1, <2.1.17 >=2.2, <2.2.8 >=2.3, <2.3.1
M Information Exposure	>=2.1, <2.1.17
H Remote Code Execution	>=2.1, <2.1.17 >=2.2, <2.2.8 >=2.3, <2.3.1
H Remote Code Execution	>=2.1, <2.1.17 >=2.2, <2.2.8 >=2.3, <2.3.1
H Remote Code Execution	>=2.1, <2.1.17 >=2.2, <2.2.8 >=2.3, <2.3.1
H Cross-site Scripting (XSS)	>=2.1, <2.1.17 >=2.2, <2.2.8 >=2.3, <2.3.1
H SQL Injection	>=2.1, <2.1.17 >=2.2, <2.2.8 >=2.3, <2.3.1
H Remote Code Execution (RCE)	>=2.1, <2.1.17 >=2.2, <2.2.8 >=2.3, <2.3.1
H Remote Code Execution (RCE)	>=2.1, <2.1.17 >=2.2, <2.2.8 >=2.3, <2.3.1
C SQL Injection	>2.0.0, <2.1.17 >2.2.0, <2.2.8 >2.3.0, <2.3.1
H Insecure Encryption	<2.2.5

magento/community-edition vulnerabilities

licenses detected

Direct Vulnerabilities