CVE-2019-7851 magento/community-edition

Package

Manager: composer
Name: magento/community-edition
Vulnerable Version: >=2.1.0 <2.1.18 || >=2.2.0 <2.2.9 || >=2.3.0 <2.3.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0003 (percentile: 0.06925)

Details

Magento 2 Community Edition CSRF vulnerability

A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages.

Metadata

Created: 2022-05-24T16:52:22Z
Modified: 2024-02-12T11:45:28Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mhvf-j94g-3qp7/GHSA-mhvf-j94g-3qp7.json
CWE IDs: ["CWE-352"]
Alternative ID: GHSA-mhvf-j94g-3qp7
Finding: F007
Auto approve: 1