GHSA-8578-mmf4-f327

Source

https://github.com/advisories/GHSA-8578-mmf4-f327

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8578-mmf4-f327/GHSA-8578-mmf4-f327.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-8578-mmf4-f327

Aliases

CVE-2019-7873

Published

2022-05-24T16:52:24Z

Modified

2024-02-16T08:00:59.408511Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS Calculator

Summary

Magento 2 Community Edition Cross-site Scripting Vulnerability

Details

A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of the store design schedule.

Database specific

{
    "nvd_published_at": "2019-08-02T22:15:00Z",
    "cwe_ids": [
        "CWE-352",
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-01T22:55:54Z"
}

References

Affected packages

Packagist / magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.1.0

Fixed

2.1.18

Affected versions

2.*

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.1.7

2.1.8

2.1.9

2.1.10

2.1.11

2.1.12

2.1.13

2.1.14

2.1.15

2.1.16

2.1.17

Packagist / magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.2.0

Fixed

2.2.9

Affected versions

2.*

2.2.0

2.2.1

2.2.2

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

2.2.8

Packagist / magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.3.0

Fixed

2.3.2

Affected versions

2.*

2.3.0

2.3.1