Description

A denial-of-service vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Under certain conditions, an unauthenticated attacker could force the Magento store's full page cache to serve a 404 page to customers.

Remediation

References

CVE-2019-7915

Related Vulnerabilities

Python Unchecked Return Value Vulnerability (CVE-2021-4189)

Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-13587)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-12646)

Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-37383)

Joomla Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2010-1433)

Severity

High

Classification

CVE-2019-7915 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities