An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS0zM2NqLXc3NWYtNDltMs4AAhlE

Magento 2 Community Edition Server-Side Request Forgery vulnerability

A server-side request forgery (SSRF) vulnerability exists in Magento Open Source prior to, and Magento Commerce prior to, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to the admin panel to manipulate system configuration and execute arbitrary code.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 1 year ago
Updated: 9 days ago

CVSS Score: 7.2
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-33cj-w75f-49m2, CVE-2019-7911

Affected Packages

Versions: >= 2.3.0, < 2.3.2, >= 2.2.0, < 2.2.9, >= 2.1.0, < 2.1.18
Fixed in: 2.3.2, 2.2.9, 2.1.18