Description
A denial-of-service (DoS) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2. By abusing insufficient brute-forcing defenses in the token exchange protocol, an unauthenticated attacker could disrupt transactions between the Magento merchant and PayPal.
Remediation
References