CVE-2019-7865 – magento/community-edition

Package

Manager: composer
Name: magento/community-edition
Vulnerable Version: >=2.1.0 <2.1.18 || >=2.2.0 <2.2.9 || >=2.3.0 <2.3.2

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00059 pctl0.18746

Details

Magento 2 Community Edition CSRF Vulnerability A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited at the time of editing or configuration.

Metadata

Created: 2022-05-24T16:52:23Z
Modified: 2024-02-12T11:43:52Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wmrg-w9vg-7jqx/GHSA-wmrg-w9vg-7jqx.json
CWE IDs: ["CWE-352"]
Alternative ID: GHSA-wmrg-w9vg-7jqx
Finding: F007
Auto approve: 1