Описание
Magento 2 Community Edition Path Traversal Vulnerability
A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-7859
- https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-7859.yaml
- https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23
- https://web.archive.org/web/20220127030535/https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-24
Пакеты
Наименование
magento/community-edition
composer
Затронутые версииВерсия исправления
>= 2.1.0, < 2.1.18
2.1.18
Наименование
magento/community-edition
composer
Затронутые версииВерсия исправления
>= 2.2.0, < 2.2.9
2.2.9
Наименование
magento/community-edition
composer
Затронутые версииВерсия исправления
>= 2.3.0, < 2.3.2
2.3.2
Связанные уязвимости
CVSS3: 7.5
nvd
больше 6 лет назад
A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control.