GHSA-wmrg-w9vg-7jqx

Source

https://github.com/advisories/GHSA-wmrg-w9vg-7jqx

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wmrg-w9vg-7jqx/GHSA-wmrg-w9vg-7jqx.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-wmrg-w9vg-7jqx

Aliases

CVE-2019-7865

Published

2022-05-24T16:52:23Z

Modified

2024-02-16T08:21:28.835714Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Magento 2 Community Edition CSRF Vulnerability

Details

A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited at the time of editing or configuration.

Database specific

{
    "nvd_published_at": "2019-08-02T22:15:00Z",
    "cwe_ids": [
        "CWE-352"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-17T20:51:12Z"
}

References

Affected packages

Packagist / magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.1.0

Fixed

2.1.18

Affected versions

2.*

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.1.7

2.1.8

2.1.9

2.1.10

2.1.11

2.1.12

2.1.13

2.1.14

2.1.15

2.1.16

2.1.17

Packagist / magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.2.0

Fixed

2.2.9

Affected versions

2.*

2.2.0

2.2.1

2.2.2

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

2.2.8

Packagist / magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.3.0

Fixed

2.3.2

Affected versions

2.*

2.3.0

2.3.1

Packagist / magento/product-community-edition

Package

Name: magento/product-community-edition
Purl: pkg:composer/magento/product-community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.1

Fixed

2.1.18

Packagist / magento/product-community-edition

Package

Name: magento/product-community-edition
Purl: pkg:composer/magento/product-community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.2

Fixed

2.2.9

Packagist / magento/product-community-edition

Package

Name: magento/product-community-edition
Purl: pkg:composer/magento/product-community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.3

Fixed

2.3.2