Path Traversal Affecting magento/community-edition package, versions >=2.4.7-p1, <2.4.7-p2 >=2.4.6-p1, <2.4.6-p7 >=2.4.5-p1, <2.4.5-p9 <2.4.4-p10
Threat Intelligence
EPSS
0.06% (29th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PHP-MAGENTOCOMMUNITYEDITION-7986109
- published 17 Sep 2024
- disclosed 14 Aug 2024
- credit Blaklis
Introduced: 14 Aug 2024
CVE-2024-39406 Open this link in a new tabHow to fix?
Upgrade magento/community-edition
to version 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 or higher.
Overview
magento/community-edition is a modern cloud eCommerce platform.
Affected versions of this package are vulnerable to Path Traversal through the manipulation of file paths.