Description

A denial-of-service vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Under certain conditions, an unauthenticated attacker could force the Magento store's full page cache to serve a 404 page to customers.

Remediation

References

CVE-2019-7915

Related Vulnerabilities

MyBB CVE-2008-3070 Vulnerability (CVE-2008-3070)

Oracle Database Server CVE-2009-3414 Vulnerability (CVE-2009-3414)

Spring Cloud Gateway Incorrect Authorization Vulnerability (CVE-2021-22051)

Opencart Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-13067)

WordPress Plugin Export Users With Meta SQL Injection (0.6.4)

Severity

High

Classification

CVE-2019-7915 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities