CVE-2019-8090
MEDIUM6.5EPSS 0.11%Magento 2 Community Edition Arbitrary File Deletion
發布日:2022/5/24修改日:2024/12/8
描述
An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated users can manipulate the design layout update feature.
受影響套件(1)
- Packagist/magento/community-edition>= 2.2.0, < 2.2.10
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
參考連結(5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-8090
- PATCHhttps://github.com/magento/magento2
- WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-8090.yaml
- WEBhttps://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update
- WEBhttps://web.archive.org/web/20220121051105/https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update