CVE-2019-7947

A cross-site request forgery vulnerability exists in the GiftCardAccount removal feature for Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*
cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*
cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*
cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*
cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*

History

21 Nov 2024, 04:48

Type Values Removed Values Added
References () https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33 - Vendor Advisory () https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33 - Vendor Advisory

Information

Published : 2019-08-02 22:15

Updated : 2024-11-21 04:48


NVD link : CVE-2019-7947

Mitre link : CVE-2019-7947

CVE.ORG link : CVE-2019-7947


JSON object : View

Products Affected

magento

  • magento
CWE
CWE-352

Cross-Site Request Forgery (CSRF)