CVE-2019-7861 – magento/community-edition
Package
Manager: composer
Name: magento/community-edition
Vulnerable Version: >=2.1.0 <2.1.18 || >=2.2.0 <2.2.9 || >=2.3.0 <2.3.2
Severity
Level: High
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00059 (percentile: 0.18523)
Details
Magento 2 Community Edition Unsafe File Upload
Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
Metadata
Created: 2022-05-24T16:52:23Z
Modified: 2024-02-12T11:46:15Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-j837-vm6w-6qcv/GHSA-j837-vm6w-6qcv.json
CWE IDs: ["CWE-434"]
Alternative ID: GHSA-j837-vm6w-6qcv
Finding: F027
Auto approve: 1