CVE-2019-7859 – magento/community-edition

Package

Manager: composer
Name: magento/community-edition
Vulnerable Version: >=2.1.0 <2.1.18 || >=2.2.0 <2.2.9 || >=2.3.0 <2.3.2

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00139 pctl0.34566

Details

Magento 2 Community Edition Path Traversal Vulnerability A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control.

Metadata

Created: 2022-05-24T16:52:23Z
Modified: 2024-02-12T11:47:36Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hqhf-8jgc-h5hx/GHSA-hqhf-8jgc-h5hx.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-hqhf-8jgc-h5hx
Finding: F063
Auto approve: 1