A denial-of-service (DoS) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. By abusing insufficient brute-forcing defenses in the token exchange protocol, an unauthenticated attacker could disrupt transactions between the Magento merchant and PayPal.
{ "github_reviewed_at": "2023-07-17T18:56:02Z", "severity": "HIGH", "cwe_ids": [], "github_reviewed": true, "nvd_published_at": "2019-08-02T22:15:00Z" }