Description

A denial-of-service vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Under certain conditions, an unauthenticated attacker could force the Magento store's full page cache to serve a 404 page to customers.

Remediation

References

CVE-2019-7915

Related Vulnerabilities

MySQL Other Vulnerability (CVE-2004-2149)

WordPress Plugin Tutor LMS-eLearning and online course solution SQL Injection (2.7.0)

MediaWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-31554)

Lodash Other Vulnerability (CVE-2019-10744)

WordPress CVE-2019-17673 Vulnerability (CVE-2019-17673)

Severity

High

Classification

CVE-2019-7915 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities