Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS12cXhxLTN3cXYtcjl4cM4AAhk8

Magento 2 Community Edition Information Disclosure

Samples of disabled downloadable products are accessible in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to inadequate validation of user input.

Permalink: https://github.com/advisories/GHSA-vqxq-3wqv-r9xp
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12cXhxLTN3cXYtcjl4cM4AAhk8
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 18 days ago


CVSS Score: 5.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Identifiers: GHSA-vqxq-3wqv-r9xp, CVE-2019-7898
References:

Affected Packages

packagist:magento/community-edition
Versions: >= 2.3, < 2.3.2, >= 2.2, < 2.2.9, >= 2.1, < 2.1.18
Fixed in: 2.3.2, 2.2.9, 2.1.18