更新: 2933 个文件 - 2026-03-18 11:36:11

08-threat-intel/registry/advisories/magento-open-source--CVE-2019-7858.json

@@ -0,0 +1,61 @@
+{
+  "canonical_id": "magento-open-source--CVE-2019-7858",
+  "system_id": "magento-open-source",
+  "display_name": "Magento Open Source",
+  "category": "ecommerce",
+  "advisory_mode": "core",
+  "title": "CVE-2019-7858",
+  "summary": "A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensitive information with an algorithm that is insufficiently resistant to brute force attacks.",
+  "published_at": "2019-08-02T22:15:15.113",
+  "updated_at": "2024-11-21T04:48:52.343",
+  "severity": "high",
+  "cvss_score": 7.5,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23",
+  "secondary_source_urls": [],
+  "aliases": [
+    "CVE-2019-7858"
+  ],
+  "cve_ids": [
+    "CVE-2019-7858"
+  ],
+  "ghsa_ids": [],
+  "osv_ids": [],
+  "affected_versions": [],
+  "fixed_versions": [],
+  "package_name": null,
+  "render_markdown": false,
+  "case_path": null,
+  "secure_code_topics": [
+    "authz-server-side-recheck",
+    "file-upload-validation",
+    "plugin-extension-trust-policy"
+  ],
+  "status": "triage",
+  "triage_reasons": [
+    "missing affected/fixed version details"
+  ],
+  "verification_status": "triage-manual",
+  "verification_mode": "synthetic",
+  "last_verified_at": null,
+  "last_run_id": null,
+  "evidence_bundle": null,
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": []
+  },
+  "repro_profile_id": "plugin-extension-generic",
+  "artifact_mode": "synthetic",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [
+      "NVD Magento"
+    ],
+    "source_kinds": [
+      "nvd-search"
+    ],
+    "candidate_count": 1
+  }
+}