magento/core vulnerabilities

licenses detected
- OSL-3.0
  >=0

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the magento/core package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Improper Authorization	<2.3.6 >=2.4.0, <2.4.1
H Remote Code Execution (RCE)	<2.3.6 >=2.4.0, <2.4.1
L Information Exposure	<2.3.6 >=2.4.0, <2.4.1
M Improper Authorization	<2.3.6 >=2.4.0, <2.4.1
M Insufficient Validation	<2.3.6 >=2.4.0, <2.4.1
M Improper Authorization	<2.3.6 >=2.4.0, <2.4.1
H SQL Injection	<2.3.6 >=2.4.0, <2.4.1
H Cross-site Scripting (XSS)	<2.3.6 >=2.4.0, <2.4.1
L Improper Authorization	<2.3.6 >=2.4.0, <2.4.1
M Cross-Site Request Forgery (CSRF)	<2.0.10 >=2.1.0, <2.1.2
H Cross-site Scripting (XSS)	>=0.0.0
H Cross-site Scripting (XSS)	>=2.3.0, <2.3.3 <2.2.10
H SQL Injection	>=2.3.0, <2.3.4 <2.2.11
H Arbitrary Code Execution	>=2.3.0, <2.3.4 <2.2.11
H Directory Traversal	>=2.3.0, <2.3.4 <2.2.11
H Cross-site Scripting (XSS)	>=2.3.0, <2.3.4 <2.2.11
H Deserialization of Untrusted Data	>=2.3.0, <2.3.4 <2.2.11
H Security Bypass	<2.3.4-p2
H Security Bypass	<2.3.4-p2
M Privilege Escalation	<2.2.11 >=2.3.0, <2.3.4
H Authorization Bypass	<1.9.4.5
M Command Injection	<1.9.4.5
M Arbitrary Code Execution	<1.9.4.5
H Cross-site Scripting (XSS)	<1.9.4.5
H Command Injection	<1.9.4.5
H Improper Authorization	<1.9.4.5
H Command Injection	<1.9.4.5
H Arbitrary Code Execution	<1.9.4.5
H Command Injection	<1.9.4.5
H Arbitrary Code Execution	>=2.3.5, <2.3.5-p1 <2.3.4-p2
H Cross-site Scripting (XSS)	<1.9.4.5
H Cross-site Scripting (XSS)	<1.9.4.5
M Signature Validation Bypass	<2.3.4-p2
H Arbitrary Code Execution	<1.9.4.3
H Information Exposure	<1.9.4.3
H Arbitrary Code Execution	<1.9.4.3
H Remote Code Execution	<1.9.4.3
H Remote Code Execution	<1.9.4.3
H Cross-site Scripting (XSS)	<1.9.4.3
M Remote Code Execution (RCE)	<1.9.4.3
M Race Condition	<1.9.4.3
M Remote Code Execution (RCE)	<1.9.4.3
H Cross-site Scripting (XSS)	<1.9.4.3
C Remote Code Execution (RCE)	<1.9.4.3 >=1.10.0, <1.14.4.3
M Information Exposure	<1.9.4.2
L Session Fixation	<1.9.4.2
H Server-side Request Forgery (SSRF)	<1.9.4.2
H Remote Code Execution	<1.9.4.2
M Cross-site Scripting (XSS)	<1.9.4.2
M Cross-site Scripting (XSS)	<1.9.4.2
M Cross-site Scripting (XSS)	<1.9.4.2
M Cross-site Scripting (XSS)	<1.9.4.2
M Cross-site Scripting (XSS)	<1.9.4.2
M SQL Injection	<1.9.4.2
M Cross-site Scripting (XSS)	<1.9.4.2
M Cross-site Scripting (XSS)	<1.9.4.2
M Cross-site Scripting (XSS)	<1.9.4.2
M Cross-site Scripting (XSS)	<1.9.4.2
M Cross-site Request Forgery (CSRF)	<1.9.4.2
M Information Exposure	<1.9.4.2
M Cross-site Scripting (XSS)	<1.9.4.2
M Cross-site Scripting (XSS)	<1.9.4.2
M Information Disclousure	<1.9.4.1
M Cross-site Request Forgery (CSRF)	<1.9.4.1
M Cross-site Scripting (XSS)	<1.9.4.1
H Remote Code Execution	<1.9.4.1
C SQL Injection	<1.9.4.1
H Privilege Escalation	<1.9.3.10
C Information Exposure	<1.9.4.0
C Authentication Bypass	<1.9.4.0
H Remote Code Execution (RCE)	<1.9.4.0
H Remote Code Execution (RCE)	<1.9.4.0
M Privilege Escalation	<1.9.4.0
H Remote Code Execution (RCE)	<1.9.4.0
M Remote Code Execution (RCE)	<1.9.4.0
M Cross-site Scripting (XSS)	<1.9.4.0
M Cross-site Scripting (XSS)	<1.9.4.0
M Cross-site Scripting (XSS)	<1.9.4.0
M Information Exposure	<1.9.4.0
M Cross-site Scripting (XSS)	<1.9.4.0
M Information Exposure	<1.9.4.0
M Information Exposure	<1.9.4.0
M Cross-Site Request Forgery (CSRF)	<1.9.4.0
M Cross-Site Request Forgery (CSRF)	<1.9.4.0
M Cross-Site Request Forgery (CSRF)	<1.9.4.0
M Information Exposure	<1.9.4.0

magento/core vulnerabilities

licenses detected

Direct Vulnerabilities