CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-8121

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1620%
EPSS Percentile2.50th
Published2019年11月5日
Last Modified2024年11月21日

Vulnerability Description

An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Magento 2 codebase leveraged outdated versions of JS libraries (Bootstrap, jquery, Knockout) with known security vulnerabilities.

Affected Platforms (CPE)

📦
Magento

Magento

>= 2.1.0 and < 2.1.19
📦
Magento

Magento

>= 2.1.0 and < 2.1.19
📦
Magento

Magento

>= 2.2.0 and < 2.2.10
📦
Magento

Magento

>= 2.2.0 and < 2.2.10
📦
Magento

Magento

>= 2.3.0 and <= 2.3.2
📦
Magento

Magento

>= 2.3.0 and <= 2.3.2

References & Advisories

🔗 https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update
🔗 https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update

関連する脆弱性情報

CVE-2019-81449.8

A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can insert a malic...

CVE-2019-81359.8

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Dependency in...

CVE-2019-71399.8

An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensi...

CVE-2019-81369.8

An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Magento 2 codeb...