CyberSec.Space Logo
Back to CVE Browser

CVE-2019-8121

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1620%
EPSS Percentile2.50th
PublishedNov 5, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Magento 2 codebase leveraged outdated versions of JS libraries (Bootstrap, jquery, Knockout) with known security vulnerabilities.

Affected Platforms (CPE)

πŸ“¦
Magento

Magento

>= 2.1.0 and < 2.1.19
πŸ“¦
Magento

Magento

>= 2.1.0 and < 2.1.19
πŸ“¦
Magento

Magento

>= 2.2.0 and < 2.2.10
πŸ“¦
Magento

Magento

>= 2.2.0 and < 2.2.10
πŸ“¦
Magento

Magento

>= 2.3.0 and <= 2.3.2
πŸ“¦
Magento

Magento

>= 2.3.0 and <= 2.3.2

References & Advisories

πŸ”— https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update
πŸ”— https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update

Related Vulnerabilities

CVE-2019-81449.8

A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can insert a malic...

CVE-2019-81359.8

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Dependency in...

CVE-2019-71399.8

An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensi...

CVE-2019-81369.8

An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Magento 2 codeb...