GHSA-5gmh-85x8-5cx7: Magento remote code execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities

May 15, 2024

Magento Commerce and Open Source 2.2.5 and 2.1.14 contain multiple security enhancements that help close authenticated Admin user remote code execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities.

References

github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/2018-06-27.yaml
github.com/advisories/GHSA-5gmh-85x8-5cx7
github.com/magento/magento2
web.archive.org/web/20210802091126/https://magento.com/security/patches/magento-2.2.5-and-2.1.14-security-update

Code Behaviors & Features

Detect and mitigate GHSA-5gmh-85x8-5cx7 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →