Description

A denial-of-service vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Under certain conditions, an unauthenticated attacker could force the Magento store's full page cache to serve a 404 page to customers.

Remediation

References

CVE-2019-7915

Related Vulnerabilities

Craft CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-36260)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5473)

WebLogic CVE-2021-2033 Vulnerability (CVE-2021-2033)

WordPress Plugin YITH WooCommerce Multi Vendor Security Bypass (3.4.0)

WordPress Plugin Software License Manager Cross-Site Request Forgery (4.4.5)

Severity

High

Classification

CVE-2019-7915 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities