CVE-2019-7898 – magento/community-edition

Package

Manager: composer
Name: magento/community-edition
Vulnerable Version: >=2.1 <2.1.18 || >=2.2 <2.2.9 || >=2.3 <2.3.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00059 pctl0.18523

Details

Magento 2 Community Edition Information Disclosure Samples of disabled downloadable products are accessible in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to inadequate validation of user input.

Metadata

Created: 2022-05-24T16:52:26Z
Modified: 2024-02-12T11:19:47Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vqxq-3wqv-r9xp/GHSA-vqxq-3wqv-r9xp.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-vqxq-3wqv-r9xp
Finding: F184
Auto approve: 1