CVE-2019-8121 – magento/community-edition

Package

Manager: composer
Name: magento/community-edition
Vulnerable Version: >=2.2 <2.2.10 || >=2.3 <2.3.3

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0018 pctl0.39899

Details

Using JS libraries with known security vulnerabilities An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Magento 2 codebase leveraged outdated versions of JS libraries (Bootstrap, jquery, Knockout) with known security vulnerabilities.

Metadata

Created: 2019-11-12T22:59:28Z
Modified: 2019-11-15T20:11:29Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/11/GHSA-89ch-hqf9-rgp3/GHSA-89ch-hqf9-rgp3.json
CWE IDs: []
Alternative ID: GHSA-89ch-hqf9-rgp3
Finding: F120
Auto approve: 1