CVE-2019-7849
HIGH 7.5
EPSS 0.05%
Magento 2 Community Edition Session Fixation Check
Published: 2022/5/24
Modified: 2024/2/16
Description
A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules. This impacts Magento 1.x prior to 1.9.4.2, Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2.
Affected packages (1)
- Packagist/magento/community-edition: >= 2.1.0, < 2.1.18
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
References (6)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2019-7849
- WEB: https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/magento1ce/CVE-2019-7849.yaml
- WEB: https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/magento1ee/CVE-2019-7849.yaml
- WEB: https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-7849.yaml
- WEB: https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33
- WEB: https://web.archive.org/web/20220121011306/https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33