Description
A denial-of-service (DoS) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. By abusing insufficient brute-forcing defenses in the token exchange protocol, an unauthenticated attacker could disrupt transactions between the Magento merchant and PayPal.
Remediation
References
Related Vulnerabilities
Sqlite Out-of-bounds Read Vulnerability (CVE-2017-10989)
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5297)
WordPress Plugin ARForms:Wordpress Form Builder Arbitrary File Deletion (3.7.1)
Oracle Database Server CVE-2010-0901 Vulnerability (CVE-2010-0901)
WordPress Plugin Email Users Cross-Site Request Forgery (4.8.3)