CVE-2019-7947

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-7947
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-7947.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-7947
Aliases
Published
2019-08-02T22:15:19Z
Modified
2024-10-12T05:23:38.079228Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

A cross-site request forgery vulnerability exists in the GiftCardAccount removal feature for Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

References

Affected packages

Git / github.com/magento/devdocs

Affected ranges

Type
GIT
Repo
https://github.com/magento/devdocs
Events
Type
GIT
Repo
https://github.com/magento/magento2
Events

Affected versions

2.*

2.0.10
2.0.11
2.0.12
2.0.13
2.0.14
2.0.15
2.0.16
2.0.17
2.0.18
2.0.8
2.0.9
2.1.0
2.1.1
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.1.16
2.1.17
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.3.0
2.3.1