Описание
Magento 2 Community Edition Cryptographic Flaw
A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensitive information with an algorithm that is insufficiently resistant to brute force attacks.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-7858
- https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-7858.yaml
- https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23
- https://web.archive.org/web/20220121051916/https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23
Пакеты
Наименование
magento/community-edition
composer
Затронутые версииВерсия исправления
>= 2.1.0, < 2.1.18
2.1.18
Наименование
magento/community-edition
composer
Затронутые версииВерсия исправления
>= 2.2.0, < 2.2.9
2.2.9
Наименование
magento/community-edition
composer
Затронутые версииВерсия исправления
>= 2.3.0, < 2.3.2
2.3.2
Связанные уязвимости
CVSS3: 7.5
nvd
больше 6 лет назад
A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensitive information with an algorithm that is insufficiently resistant to brute force attacks.