CVE-2019-7865

Cross-Site Request Forgery (CSRF) in packagist/magento/product-community-edition

Identifiers

GHSA-wmrg-w9vg-7jqx, CVE-2019-7865

Package Slug

packagist/magento/product-community-edition

Vulnerability

Cross-Site Request Forgery (CSRF)

Description

A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited at the time of editing or configuration.

Affected Versions

All versions starting from 2.1 before 2.1.18, all versions starting from 2.2 before 2.2.9, all versions starting from 2.3 before 2.3.2

Solution

Upgrade to versions 2.1.18, 2.2.9, 2.3.2 or above.

Last Modified

2024-02-12

source