CVE-2019-8090

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-8090
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-8090.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-8090
Aliases
Published
2019-11-05T22:15:14.080Z
Modified
2026-02-03T07:07:50.538487Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated users can manipulate the design layout update feature.

References

Affected packages

Git / github.com/magento/devdocs

Affected ranges

Type
GIT
Repo
https://github.com/magento/devdocs
Events
Introduced
75da24b3b0fb950648d00e7454dae0bb7da64c30
Fixed
452b21aa6d3a221b587ca32d2d50785d92dd6aa1
Introduced
239bfc72e116f6814ff6c2f6731f0830f3bcf61c
Fixed
fe462f46d5efe781681fa25067a180b19e0e35de

Affected versions

2.*
2.1.16
2.1.17
2.2.7
2.2.8
2.3.0
2.3.1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-8090.json"

Git / github.com/magento/magento2

Affected ranges

Type
GIT
Repo
https://github.com/magento/magento2
Events
Introduced
07465f8ce879ff0bd0ba72a662c9e2473e49afe4
Fixed
2dd1e1a37a798fd7fd08d6894eb37bcccc99d1c6
Introduced
f4c1d7526f05bdfb1327b0701cc345f94aadcaed
Fixed
ddf42caaf25311f10b23b95a92746f99943e045e

Affected versions

2.*
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.3.0
2.3.1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-8090.json"