CVE-2019-8121: Outdated versions of JS libraries used with known security vulnerabilities

November 12, 2019 (updated November 15, 2019)

An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Magento 2 codebase leveraged outdated versions of JS libraries (Bootstrap, jquery, Knockout) with known security vulnerabilities.

References

github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-8121.yaml
github.com/advisories/GHSA-89ch-hqf9-rgp3
magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update
nvd.nist.gov/vuln/detail/CVE-2019-8121

Detect and mitigate CVE-2019-8121 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →