CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-8135

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1680%
EPSS Percentile16.60th
Published2019年11月6日
Last Modified2024年11月21日

Vulnerability Description

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Dependency injection through Symphony framework allows service identifiers to be derived from user controlled data, which can lead to remote code execution.

Affected Platforms (CPE)

📦
Magento

Magento

>= 2.2.0 and < 2.2.10
📦
Magento

Magento

>= 2.2.0 and < 2.2.10
📦
Magento

Magento

>= 2.3.0 and < 2.3.2
📦
Magento

Magento

>= 2.3.0 and < 2.3.2
📦
Magento

Magento

= 2.3.2
📦
Magento

Magento

= 2.3.2

References & Advisories

🔗 https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update
🔗 https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update

関連する脆弱性情報

CVE-2019-81449.8

A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can insert a malic...

CVE-2019-81219.8

An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3...

CVE-2019-71399.8

An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensi...

CVE-2019-81369.8

An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Magento 2 codeb...