{"id":"CVE-2024-39410","details":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue does not require user interaction.","aliases":["GHSA-4323-f82v-f6jr"],"modified":"2026-03-09T23:55:49.271526Z","published":"2024-08-14T12:15:27.177Z","references":[{"type":"ADVISORY","url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/magento/magento2","events":[{"introduced":"0"},{"last_affected":"4c36116dcf878e127059d9be9566a119783583f2"},{"introduced":"0"},{"last_affected":"0f9a056c8d83c4f319626b3e56ec52a533999f25"},{"introduced":"0"},{"last_affected":"5548bc64b5bc904346c0af9193a7fbb5274b4efa"},{"introduced":"0"},{"last_affected":"ef922155dbe6321862b3811e2472f2790489e685"},{"introduced":"0"},{"last_affected":"e18651b120784046b22e146ca1ab5d79493ed8a4"},{"introduced":"0"},{"last_affected":"c739d2113ebbbdceede4fa0dd6b0a0fc3e83355c"},{"introduced":"0"},{"last_affected":"a2ded45232876973af6e30fe312b76c0de77ebf3"},{"introduced":"0"},{"last_affected":"73f312a2f9bc43ee6bf436cb4e26ee20f6901322"},{"introduced":"0"},{"last_affected":"7aef59b58158c2c5f031a15550e590e3b499c989"},{"introduced":"0"},{"last_affected":"9721cc22eb32482d82e5e3d275fe3a0221d8b750"},{"introduced":"0"},{"last_affected":"30877fce83b793f71421c47347885cf076e81799"},{"introduced":"0"},{"last_affected":"1df4565907d40f14ee1c753cc2de2ce567bfa8d7"},{"introduced":"0"},{"last_affected":"11846a1a10539470f2fe1522030ff42d62daa562"},{"introduced":"0"},{"last_affected":"3e26248d2ccb4b52d75e6188bb1fc93dd691c254"},{"introduced":"0"},{"last_affected":"58dfc61e7b545bdeaf3c3a2dac489e8770d85656"},{"introduced":"0"},{"last_affected":"4d4e0e2ebf249a00c5f5aa1eaec3f24575133b62"},{"introduced":"0"},{"last_affected":"d6f014854784eccd39d2ecb35c4beeb82d59b309"},{"introduced":"0"},{"last_affected":"5bb9fe778e521cf2f3b35433c196d6ed2fd5ecb9"},{"introduced":"0"},{"last_affected":"eb27f55ff8d66db98e60784efa6d737b8ec94734"},{"introduced":"0"},{"last_affected":"a3c6d6e5e95e63031e4df26cfcf76feace7549c2"},{"introduced":"0"},{"last_affected":"d846142a3ab8b49597dfb8bd7508d875efdab19a"},{"introduced":"0"},{"last_affected":"727560d82199f6b938d1906e9d923e2dd40b490a"},{"introduced":"0"},{"last_affected":"37861a4025ef7f18016d3ab149e006da46821784"},{"introduced":"0"},{"last_affected":"6cc0d28cf66074adebc261e981eb35811601f813"},{"introduced":"0"},{"last_affected":"b57e30c9ae27e513da830ad1d3b20c6a94afa0e7"},{"introduced":"0"},{"last_affected":"a3179be22a602e83f7e1eca187d5f8a927ef392c"},{"introduced":"0"},{"last_affected":"c5c538810b87449886f4669cb8abbe8e5593c83c"},{"introduced":"0"},{"last_affected":"fcebd3a4ad2a6863af2e2092f5e548cbd81cb0f8"},{"introduced":"0"},{"last_affected":"d10435b11ada4e502dca7539f8fd31d059d3c482"},{"introduced":"0"},{"last_affected":"d196d504d8b387454a123033ec2a74d7fd3d5430"},{"introduced":"0"},{"last_affected":"d10435b11ada4e502dca7539f8fd31d059d3c482"},{"introduced":"0"},{"last_affected":"4c36116dcf878e127059d9be9566a119783583f2"},{"introduced":"0"},{"last_affected":"0f9a056c8d83c4f319626b3e56ec52a533999f25"},{"introduced":"0"},{"last_affected":"5548bc64b5bc904346c0af9193a7fbb5274b4efa"},{"introduced":"0"},{"last_affected":"ef922155dbe6321862b3811e2472f2790489e685"},{"introduced":"0"},{"last_affected":"e18651b120784046b22e146ca1ab5d79493ed8a4"},{"introduced":"0"},{"last_affected":"c739d2113ebbbdceede4fa0dd6b0a0fc3e83355c"},{"introduced":"0"},{"last_affected":"a2ded45232876973af6e30fe312b76c0de77ebf3"},{"introduced":"0"},{"last_affected":"73f312a2f9bc43ee6bf436cb4e26ee20f6901322"},{"introduced":"0"},{"last_affected":"7aef59b58158c2c5f031a15550e590e3b499c989"},{"introduced":"0"},{"last_affected":"9721cc22eb32482d82e5e3d275fe3a0221d8b750"},{"introduced":"0"},{"last_affected":"30877fce83b793f71421c47347885cf076e81799"},{"introduced":"0"},{"last_affected":"1df4565907d40f14ee1c753cc2de2ce567bfa8d7"},{"introduced":"0"},{"last_affected":"11846a1a10539470f2fe1522030ff42d62daa562"},{"introduced":"0"},{"last_affected":"3e26248d2ccb4b52d75e6188bb1fc93dd691c254"},{"introduced":"0"},{"last_affected":"58dfc61e7b545bdeaf3c3a2dac489e8770d85656"},{"introduced":"0"},{"last_affected":"4d4e0e2ebf249a00c5f5aa1eaec3f24575133b62"},{"introduced":"0"},{"last_affected":"d6f014854784eccd39d2ecb35c4beeb82d59b309"},{"introduced":"0"},{"last_affected":"5bb9fe778e521cf2f3b35433c196d6ed2fd5ecb9"},{"introduced":"0"},{"last_affected":"eb27f55ff8d66db98e60784efa6d737b8ec94734"},{"introduced":"0"},{"last_affected":"a3c6d6e5e95e63031e4df26cfcf76feace7549c2"},{"introduced":"0"},{"last_affected":"d846142a3ab8b49597dfb8bd7508d875efdab19a"},{"introduced":"0"},{"last_affected":"727560d82199f6b938d1906e9d923e2dd40b490a"},{"introduced":"0"},{"last_affected":"37861a4025ef7f18016d3ab149e006da46821784"},{"introduced":"0"},{"last_affected":"6cc0d28cf66074adebc261e981eb35811601f813"},{"introduced":"0"},{"last_affected":"b57e30c9ae27e513da830ad1d3b20c6a94afa0e7"},{"introduced":"0"},{"last_affected":"a3179be22a602e83f7e1eca187d5f8a927ef392c"},{"introduced":"0"},{"last_affected":"c5c538810b87449886f4669cb8abbe8e5593c83c"},{"introduced":"0"},{"last_affected":"fcebd3a4ad2a6863af2e2092f5e548cbd81cb0f8"},{"introduced":"0"},{"last_affected":"d10435b11ada4e502dca7539f8fd31d059d3c482"},{"introduced":"0"},{"last_affected":"d196d504d8b387454a123033ec2a74d7fd3d5430"},{"introduced":"0"},{"last_affected":"d10435b11ada4e502dca7539f8fd31d059d3c482"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.4.3"},{"introduced":"0"},{"last_affected":"2.4.4-NA"},{"introduced":"0"},{"last_affected":"2.4.4-p1"},{"introduced":"0"},{"last_affected":"2.4.4-p2"},{"introduced":"0"},{"last_affected":"2.4.4-p3"},{"introduced":"0"},{"last_affected":"2.4.4-p4"},{"introduced":"0"},{"last_affected":"2.4.4-p5"},{"introduced":"0"},{"last_affected":"2.4.4-p6"},{"introduced":"0"},{"last_affected":"2.4.4-p7"},{"introduced":"0"},{"last_affected":"2.4.4-p8"},{"introduced":"0"},{"last_affected":"2.4.4-p9"},{"introduced":"0"},{"last_affected":"2.4.5-NA"},{"introduced":"0"},{"last_affected":"2.4.5-p1"},{"introduced":"0"},{"last_affected":"2.4.5-p2"},{"introduced":"0"},{"last_affected":"2.4.5-p3"},{"introduced":"0"},{"last_affected":"2.4.5-p4"},{"introduced":"0"},{"last_affected":"2.4.5-p5"},{"introduced":"0"},{"last_affected":"2.4.5-p6"},{"introduced":"0"},{"last_affected":"2.4.5-p7"},{"introduced":"0"},{"last_affected":"2.4.5-p8"},{"introduced":"0"},{"last_affected":"2.4.6-NA"},{"introduced":"0"},{"last_affected":"2.4.6-p1"},{"introduced":"0"},{"last_affected":"2.4.6-p2"},{"introduced":"0"},{"last_affected":"2.4.6-p3"},{"introduced":"0"},{"last_affected":"2.4.6-p4"},{"introduced":"0"},{"last_affected":"2.4.6-p5"},{"introduced":"0"},{"last_affected":"2.4.6-p6"},{"introduced":"0"},{"last_affected":"2.4.7-NA"},{"introduced":"0"},{"last_affected":"2.4.7-b1"},{"introduced":"0"},{"last_affected":"2.4.7-b2"},{"introduced":"0"},{"last_affected":"2.4.7-p1"},{"introduced":"0"},{"last_affected":"2.4.3"},{"introduced":"0"},{"last_affected":"2.4.4-NA"},{"introduced":"0"},{"last_affected":"2.4.4-p1"},{"introduced":"0"},{"last_affected":"2.4.4-p2"},{"introduced":"0"},{"last_affected":"2.4.4-p3"},{"introduced":"0"},{"last_affected":"2.4.4-p4"},{"introduced":"0"},{"last_affected":"2.4.4-p5"},{"introduced":"0"},{"last_affected":"2.4.4-p6"},{"introduced":"0"},{"last_affected":"2.4.4-p7"},{"introduced":"0"},{"last_affected":"2.4.4-p8"},{"introduced":"0"},{"last_affected":"2.4.4-p9"},{"introduced":"0"},{"last_affected":"2.4.5-NA"},{"introduced":"0"},{"last_affected":"2.4.5-p1"},{"introduced":"0"},{"last_affected":"2.4.5-p2"},{"introduced":"0"},{"last_affected":"2.4.5-p3"},{"introduced":"0"},{"last_affected":"2.4.5-p4"},{"introduced":"0"},{"last_affected":"2.4.5-p5"},{"introduced":"0"},{"last_affected":"2.4.5-p6"},{"introduced":"0"},{"last_affected":"2.4.5-p7"},{"introduced":"0"},{"last_affected":"2.4.5-p8"},{"introduced":"0"},{"last_affected":"2.4.6-NA"},{"introduced":"0"},{"last_affected":"2.4.6-p1"},{"introduced":"0"},{"last_affected":"2.4.6-p2"},{"introduced":"0"},{"last_affected":"2.4.6-p3"},{"introduced":"0"},{"last_affected":"2.4.6-p4"},{"introduced":"0"},{"last_affected":"2.4.6-p5"},{"introduced":"0"},{"last_affected":"2.4.6-p6"},{"introduced":"0"},{"last_affected":"2.4.7-NA"},{"introduced":"0"},{"last_affected":"2.4.7-b1"},{"introduced":"0"},{"last_affected":"2.4.7-b2"},{"introduced":"0"},{"last_affected":"2.4.7-p1"}]}}],"versions":["0.1.0-alpha100","0.1.0-alpha101","0.1.0-alpha102","0.1.0-alpha103","0.1.0-alpha104","0.1.0-alpha105","0.1.0-alpha106","0.1.0-alpha107","0.1.0-alpha108","0.1.0-alpha89","0.1.0-alpha90","0.1.0-alpha91","0.1.0-alpha92","0.1.0-alpha93","0.1.0-alpha94","0.1.0-alpha95","0.1.0-alpha96","0.1.0-alpha97","0.1.0-alpha98","0.1.0-alpha99","0.42.0-beta1","0.42.0-beta10","0.42.0-beta11","0.42.0-beta2","0.42.0-beta3","0.42.0-beta4","0.42.0-beta5","0.42.0-beta6","0.42.0-beta7","0.42.0-beta8","0.42.0-beta9","0.74.0-beta1","0.74.0-beta10","0.74.0-beta11","0.74.0-beta12","0.74.0-beta13","0.74.0-beta14","0.74.0-beta15","0.74.0-beta16","0.74.0-beta2","0.74.0-beta3","0.74.0-beta4","0.74.0-beta5","0.74.0-beta6","0.74.0-beta7","0.74.0-beta8","0.74.0-beta9","1.0.0-beta","2.0.0","2.0.0-rc","2.0.0-rc2","2.1.0","2.1.0-rc1","2.1.0-rc2","2.1.0-rc3","2.2.0-RC1.1","2.2.0-RC1.2","2.2.0-RC1.3","2.2.0-RC1.4","2.2.0-RC1.5","2.2.0-RC1.6","2.2.0-RC1.8","2.2.0-rc2.0","2.2.0-rc2.1","2.2.0-rc2.2","2.2.0-rc2.3","2.2.0-rc3.0","2.4.0","2.4.1","2.4.2","2.4.3"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-39410.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}]}