<p>Upgrade <code>magento/community-edition</code> to version 2.2.10, 2.3.2-p2 or higher.</p>

=2.3, <2.3.2-p2

Snyk CVSS

Attack Complexity Low

Availability High

Threat Intelligence

EPSS 0.08% (33^rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-PHP-MAGENTOCOMMUNITYEDITION-473116
published 15 Oct 2019
disclosed 8 Oct 2019
credit Edgar Boda-Majer

Report a new vulnerability Found a mistake?

Introduced: 8 Oct 2019

CVE-2019-8133 Open this link in a new tab CWE-693 Open this link in a new tab

How to fix?

Upgrade magento/community-edition to version 2.2.10, 2.3.2-p2 or higher.

Overview

magento/community-edition is a modern cloud eCommerce platform.

Affected versions of this package are vulnerable to Security Bypass. A user with privileges to generate sitemaps can bypass configuration that restricts directory access. The bypass allows overwrite of a subset of configuration files which can lead to denial of service.

References

Magento Security Advisory