Description

A cryptograhic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could be abused by an unauthenticated user to discover an invariant used in gift card generation.

Remediation

References

CVE-2019-7855

Related Vulnerabilities

MySQL Other Vulnerability (CVE-2006-1518)

Ruby on Rails Use of Externally-Controlled Format String Vulnerability (CVE-2013-4389)

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-1888)

Python Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2021-3177)

Atlassian Jira CVE-2021-39116 Vulnerability (CVE-2021-39116)

Severity

Medium

Classification

CVE-2019-7855 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities