CVE-2019-7873: Cross-Site Request Forgery (CSRF)

May 24, 2022 (updated August 1, 2023)

A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of the store design schedule.

References

github.com/advisories/GHSA-8578-mmf4-f327
nvd.nist.gov/vuln/detail/CVE-2019-7873
web.archive.org/web/20220121011306/https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33

Detect and mitigate CVE-2019-7873 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →