magento/core vulnerabilities

Known vulnerabilities in the magento/core package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
M Improper Authorization	<2.3.6>=2.4.0, <2.4.1
H Remote Code Execution (RCE)	<2.3.6>=2.4.0, <2.4.1
L Information Exposure	<2.3.6>=2.4.0, <2.4.1
M Improper Authorization	<2.3.6>=2.4.0, <2.4.1
M Insufficient Validation	<2.3.6>=2.4.0, <2.4.1
M Improper Authorization	<2.3.6>=2.4.0, <2.4.1
H SQL Injection	<2.3.6>=2.4.0, <2.4.1
H Cross-site Scripting (XSS)	<2.3.6>=2.4.0, <2.4.1
L Improper Authorization	<2.3.6>=2.4.0, <2.4.1
M Cross-Site Request Forgery (CSRF)	<2.0.10>=2.1.0, <2.1.2
H Cross-site Scripting (XSS)	>=0.0.0
H Cross-site Scripting (XSS)	>=2.3.0, <2.3.3<2.2.10
H SQL Injection	>=2.3.0, <2.3.4<2.2.11
H Arbitrary Code Execution	>=2.3.0, <2.3.4<2.2.11
H Directory Traversal	>=2.3.0, <2.3.4<2.2.11
H Cross-site Scripting (XSS)	>=2.3.0, <2.3.4<2.2.11
H Deserialization of Untrusted Data	>=2.3.0, <2.3.4<2.2.11
H Security Bypass	<2.3.4-p2
H Security Bypass	<2.3.4-p2
M Privilege Escalation	<2.2.11>=2.3.0, <2.3.4
H Authorization Bypass	<1.9.4.5
M Command Injection	<1.9.4.5
M Arbitrary Code Execution	<1.9.4.5
H Cross-site Scripting (XSS)	<1.9.4.5
H Command Injection	<1.9.4.5
H Improper Authorization	<1.9.4.5
H Command Injection	<1.9.4.5
H Arbitrary Code Execution	<1.9.4.5
H Command Injection	<1.9.4.5
H Arbitrary Code Execution	>=2.3.5, <2.3.5-p1<2.3.4-p2
H Cross-site Scripting (XSS)	<1.9.4.5
H Cross-site Scripting (XSS)	<1.9.4.5
M Signature Validation Bypass	<2.3.4-p2
H Arbitrary Code Execution	<1.9.4.3
H Information Exposure	<1.9.4.3
H Arbitrary Code Execution	<1.9.4.3
H Remote Code Execution	<1.9.4.3
H Remote Code Execution	<1.9.4.3
H Cross-site Scripting (XSS)	<1.9.4.3
M Remote Code Execution (RCE)	<1.9.4.3
M Race Condition	<1.9.4.3
M Remote Code Execution (RCE)	<1.9.4.3
H Cross-site Scripting (XSS)	<1.9.4.3
C Remote Code Execution (RCE)	<1.9.4.3>=1.10.0, <1.14.4.3
M Information Exposure	<1.9.4.2
L Session Fixation	<1.9.4.2
H Server-side Request Forgery (SSRF)	<1.9.4.2
H Remote Code Execution	<1.9.4.2
M Cross-site Scripting (XSS)	<1.9.4.2
M Cross-site Scripting (XSS)	<1.9.4.2
M Cross-site Scripting (XSS)	<1.9.4.2
M Cross-site Scripting (XSS)	<1.9.4.2
M Cross-site Scripting (XSS)	<1.9.4.2
M SQL Injection	<1.9.4.2
M Cross-site Scripting (XSS)	<1.9.4.2
M Cross-site Scripting (XSS)	<1.9.4.2
M Cross-site Scripting (XSS)	<1.9.4.2
M Cross-site Scripting (XSS)	<1.9.4.2
M Cross-site Request Forgery (CSRF)	<1.9.4.2
M Information Exposure	<1.9.4.2
M Cross-site Scripting (XSS)	<1.9.4.2
M Cross-site Scripting (XSS)	<1.9.4.2
M Information Disclousure	<1.9.4.1
M Cross-site Request Forgery (CSRF)	<1.9.4.1
M Cross-site Scripting (XSS)	<1.9.4.1
H Remote Code Execution	<1.9.4.1
C SQL Injection	<1.9.4.1
H Privilege Escalation	<1.9.3.10
C Information Exposure	<1.9.4.0
C Authentication Bypass	<1.9.4.0
H Remote Code Execution (RCE)	<1.9.4.0
H Remote Code Execution (RCE)	<1.9.4.0
M Privilege Escalation	<1.9.4.0
H Remote Code Execution (RCE)	<1.9.4.0
M Remote Code Execution (RCE)	<1.9.4.0
M Cross-site Scripting (XSS)	<1.9.4.0
M Cross-site Scripting (XSS)	<1.9.4.0
M Cross-site Scripting (XSS)	<1.9.4.0
M Information Exposure	<1.9.4.0
M Cross-site Scripting (XSS)	<1.9.4.0
M Information Exposure	<1.9.4.0
M Information Exposure	<1.9.4.0
M Cross-Site Request Forgery (CSRF)	<1.9.4.0
M Cross-Site Request Forgery (CSRF)	<1.9.4.0
M Cross-Site Request Forgery (CSRF)	<1.9.4.0
M Information Exposure	<1.9.4.0

Vulnerability

Vulnerable Version

Improper Authorization

<2.3.6>=2.4.0, <2.4.1

Remote Code Execution (RCE)

<2.3.6>=2.4.0, <2.4.1

Information Exposure

<2.3.6>=2.4.0, <2.4.1

Improper Authorization

<2.3.6>=2.4.0, <2.4.1

Insufficient Validation

<2.3.6>=2.4.0, <2.4.1