High severity · NVD Advisory · Published Aug 2, 2019 · Updated Aug 4, 2024
CVE-2019-7865
Description
A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited at the time of editing or configuration.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| magento/community-edition (Packagist) | >= 2.1.0, < 2.1.18 | 2.1.18 |
| magento/community-edition (Packagist) | >= 2.2.0, < 2.2.9 | 2.2.9 |
| magento/community-edition (Packagist) | >= 2.3.0, < 2.3.2 | 2.3.2 |
| magento/product-community-edition (Packagist) | >= 2.1, < 2.1.18 | 2.1.18 |
| magento/product-community-edition (Packagist) | >= 2.2, < 2.2.9 | 2.2.9 |
| magento/product-community-edition (Packagist) | >= 2.3, < 2.3.2 | 2.3.2 |
Affected products
- ghsa-coords (2 versions)
- (no CPE) range: >= 2.1.0, < 2.1.18
- (no CPE) range: >= 2.1, < 2.1.18
- Range: Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2
References
- github.com/advisories/GHSA-wmrg-w9vg-7jqx (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2019-7865 (ghsa, ADVISORY)
- github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-7865.yaml (ghsa, WEB)
- magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33 (ghsa, x_refsource_CONFIRM, WEB)
- web.archive.org/web/20220121011306/https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33 (ghsa, WEB)