VYPR

Packagist (Composer) package

magento/product-community-edition

pkg:composer/magento/product-community-edition

Vulnerabilities (4)

  • CVE-2019-8121Nov 5, 2019
    affected >= 2.2, < 2.2.10fixed 2.2.10

    An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Magento 2 codebase leveraged outdated versions of JS libraries (Bootstrap, jquery, Knockout) with known security vulnerabilities.

  • CVE-2019-7938Aug 2, 2019
    affected >= 2.1, < 2.1.18fixed 2.1.18

    A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated

  • CVE-2019-7876Aug 2, 2019
    affected >= 2.1, < 2.1.18fixed 2.1.18

    A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout.

  • CVE-2019-7865Aug 2, 2019
    affected >= 2.1, < 2.1.18fixed 2.1.18

    A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited at the time of editing or configuration.