Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS02cWg2LXY5OWgtdmg0Y84AAhkn

Magento 2 Community Edition RCE Vulnerability

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout.

Permalink: https://github.com/advisories/GHSA-6qh6-v99h-vh4c
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02cWg2LXY5OWgtdmg0Y84AAhkn
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: 17 days ago


CVSS Score: 8.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-6qh6-v99h-vh4c, CVE-2019-7876

Affected Packages

packagist:magento/product-community-edition
Versions: >= 2.3, < 2.3.2; >= 2.2, < 2.2.9; >= 2.1, < 2.1.18
Fixed in: 2.3.2, 2.2.9, 2.1.18
packagist:magento/community-edition
Versions: >= 2.3, < 2.3.2; >= 2.2, < 2.2.9; >= 2.1, < 2.1.18
Fixed in: 2.3.2, 2.2.9, 2.1.18