CVE-2019-7849 – magento/community-edition

Package

Manager: composer
Name: magento/community-edition
Vulnerable Version: >=2.1.0 <2.1.18 || >=2.2.0 <2.2.9 || >=2.3.0 <2.3.2

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00048 pctl0.14267

Details

Magento 2 Community Edition Session Fixation Check A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules. This impacts Magento 1.x prior to 1.9.4.2, Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2.

Metadata

Created: 2022-05-24T16:52:22Z
Modified: 2024-02-12T11:19:13Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v797-hfv8-v2xm/GHSA-v797-hfv8-v2xm.json
CWE IDs: ["CWE-384"]
Alternative ID: GHSA-v797-hfv8-v2xm
Finding: F280
Auto approve: 1