Описание
Magento Cross-Site Request Forgery (CSRF)
Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resulting in deletion of a customer address from an address book, aka APPSEC-1433.
Пакеты
Наименование
magento/community-edition
composer
Затронутые версииВерсия исправления
< 2.0.10
2.0.10
Наименование
magento/community-edition
composer
Затронутые версииВерсия исправления
>= 2.1.0, < 2.1.2
2.1.2
Связанные уязвимости
CVSS3: 6.5
nvd
около 8 лет назад
Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resulting in deletion of a customer address from an address book, aka APPSEC-1433.