CVE-2019-8229 – magento/community-edition

Package

Manager: composer
Name: magento/community-edition
Vulnerable Version: <0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: N/A

EPSS: 0.00188 pctl0.40905

Details

Withdrawn Advisory: Magento 2 Community Edition RCE Vulnerability ## Withdrawn Advisory This advisory has been withdrawn because the vulnerability does not affect a package in one of the GitHub Advisory Database's [supported ecosystems](https://github.com/github/advisory-database/blob/main/README.md#supported-ecosystems). This link is maintained to preserve external references. ## Original Description In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes can execute arbitrary code through crafted layout updates.

Metadata

Created: 2022-05-24T17:00:29Z
Modified: 2023-09-28T21:18:50Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w8vh-5v64-j3vr/GHSA-w8vh-5v64-j3vr.json
CWE IDs: []
Alternative ID: GHSA-w8vh-5v64-j3vr
Finding: N/A
Auto approve: 0