更新: 2933 个文件 - 2026-03-18 11:36:11

08-threat-intel/registry/advisories/magento-open-source--CVE-2019-7864.json

@@ -0,0 +1,61 @@
+{
+  "canonical_id": "magento-open-source--CVE-2019-7864",
+  "system_id": "magento-open-source",
+  "display_name": "Magento Open Source",
+  "category": "ecommerce",
+  "advisory_mode": "core",
+  "title": "CVE-2019-7864",
+  "summary": "An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details.",
+  "published_at": "2019-08-02T22:15:15.487",
+  "updated_at": "2024-11-21T04:48:53.043",
+  "severity": "medium",
+  "cvss_score": 5.3,
+  "exploit_status": "unknown",
+  "source_confidence": "official",
+  "official_source_url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33",
+  "secondary_source_urls": [],
+  "aliases": [
+    "CVE-2019-7864"
+  ],
+  "cve_ids": [
+    "CVE-2019-7864"
+  ],
+  "ghsa_ids": [],
+  "osv_ids": [],
+  "affected_versions": [],
+  "fixed_versions": [],
+  "package_name": null,
+  "render_markdown": false,
+  "case_path": null,
+  "secure_code_topics": [
+    "authz-server-side-recheck",
+    "file-upload-validation",
+    "plugin-extension-trust-policy"
+  ],
+  "status": "triage",
+  "triage_reasons": [
+    "missing affected/fixed version details"
+  ],
+  "verification_status": "triage-manual",
+  "verification_mode": "synthetic",
+  "last_verified_at": null,
+  "last_run_id": null,
+  "evidence_bundle": null,
+  "browser_evidence": {
+    "required": false,
+    "present": false,
+    "refs": []
+  },
+  "repro_profile_id": "plugin-extension-generic",
+  "artifact_mode": "synthetic",
+  "blocked_reason": null,
+  "metadata": {
+    "source_names": [
+      "NVD Magento"
+    ],
+    "source_kinds": [
+      "nvd-search"
+    ],
+    "candidate_count": 1
+  }
+}