58 行
1.8 KiB
JSON
58 行
1.8 KiB
JSON
{
|
|
"canonical_id": "magento-open-source--d2829261cd",
|
|
"system_id": "magento-open-source",
|
|
"display_name": "Magento Open Source",
|
|
"category": "ecommerce",
|
|
"advisory_mode": "extension",
|
|
"title": "Magento 2 critical vulnerability (CVE-2022-24086 & CVE-2022-24087) 2022-02-14 Adobe has released two emergency patches for a critical vulnerability in Magento 2. You need to apply both patches, in order. The vulnerability allows unauthenticated remote code execution (RCE), which is the worst possible type. Actual abuse has already been reported. To illustrate the severity,... skimming trojanorder",
|
|
"summary": "",
|
|
"published_at": null,
|
|
"updated_at": null,
|
|
"severity": "unknown",
|
|
"cvss_score": null,
|
|
"exploit_status": "unknown",
|
|
"source_confidence": "ecosystem-authority",
|
|
"official_source_url": "https://sansec.io/research/magento-2-cve-2022-24086",
|
|
"secondary_source_urls": [],
|
|
"aliases": [],
|
|
"cve_ids": [],
|
|
"ghsa_ids": [],
|
|
"osv_ids": [],
|
|
"affected_versions": [],
|
|
"fixed_versions": [],
|
|
"package_name": null,
|
|
"render_markdown": false,
|
|
"case_path": null,
|
|
"secure_code_topics": [
|
|
"authz-server-side-recheck",
|
|
"file-upload-validation",
|
|
"plugin-extension-trust-policy"
|
|
],
|
|
"status": "triage",
|
|
"triage_reasons": [
|
|
"missing affected/fixed version details"
|
|
],
|
|
"verification_status": "triage-manual",
|
|
"verification_mode": "synthetic",
|
|
"last_verified_at": null,
|
|
"last_run_id": null,
|
|
"evidence_bundle": null,
|
|
"browser_evidence": {
|
|
"required": false,
|
|
"present": false,
|
|
"refs": []
|
|
},
|
|
"repro_profile_id": "plugin-extension-generic",
|
|
"artifact_mode": "synthetic",
|
|
"blocked_reason": null,
|
|
"metadata": {
|
|
"source_names": [
|
|
"Sansec Research"
|
|
],
|
|
"source_kinds": [
|
|
"html-links"
|
|
],
|
|
"candidate_count": 1
|
|
}
|
|
}
|