CVE-2019-7874
MEDIUM6.5EPSS 0.03%Magento 2 Community Edition XSS Vulnerability
發布日:2022/5/24修改日:2024/2/16
描述
A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of user roles.
受影響套件(1)
- Packagist/magento/community-edition>= 2.1.0, < 2.1.18
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
參考連結(5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-7874
- PATCHhttps://github.com/magento/magento2
- WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-7874.yaml
- WEBhttps://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13
- WEBhttps://web.archive.org/web/20211206084839/https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13