CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2019-8136

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0100%
EPSS Percentile11.31th
Published2019年11月6日
Last Modified2024年11月21日

Vulnerability Description

An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Magento 2 codebase leveraged outdated versions of HTTP specification abstraction implemented in symphony component.

Affected Platforms (CPE)

📦
Magento

Magento

>= 2.2.0 and < 2.2.10
📦
Magento

Magento

>= 2.2.0 and < 2.2.10
📦
Magento

Magento

>= 2.3.0 and < 2.3.2
📦
Magento

Magento

>= 2.3.0 and < 2.3.2
📦
Magento

Magento

= 2.3.2
📦
Magento

Magento

= 2.3.2

References & Advisories

🔗 https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update
🔗 https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update

相關漏洞威脅

CVE-2019-81449.8

A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can insert a malic...

CVE-2019-81219.8

An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3...

CVE-2019-71399.8

An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensi...

CVE-2019-81359.8

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Dependency in...