64 行
1.8 KiB
JSON
64 行
1.8 KiB
JSON
{
|
|
"canonical_id": "magento-open-source--CVE-2019-7864",
|
|
"system_id": "magento-open-source",
|
|
"display_name": "Magento Open Source",
|
|
"category": "ecommerce",
|
|
"advisory_mode": "core",
|
|
"title": "CVE-2019-7864",
|
|
"summary": "An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details.",
|
|
"published_at": "2019-08-02T22:15:15.487",
|
|
"updated_at": "2024-11-21T04:48:53.043",
|
|
"severity": "medium",
|
|
"cvss_score": 5.3,
|
|
"exploit_status": "unknown",
|
|
"source_confidence": "official",
|
|
"official_source_url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33",
|
|
"secondary_source_urls": [],
|
|
"aliases": [
|
|
"CVE-2019-7864"
|
|
],
|
|
"cve_ids": [
|
|
"CVE-2019-7864"
|
|
],
|
|
"ghsa_ids": [],
|
|
"osv_ids": [],
|
|
"affected_versions": [],
|
|
"fixed_versions": [],
|
|
"package_name": null,
|
|
"render_markdown": false,
|
|
"case_path": null,
|
|
"secure_code_topics": [
|
|
"authz-server-side-recheck",
|
|
"file-upload-validation",
|
|
"plugin-extension-trust-policy"
|
|
],
|
|
"status": "triage",
|
|
"triage_reasons": [
|
|
"missing affected/fixed version details"
|
|
],
|
|
"verification_status": "triage-manual",
|
|
"verification_mode": "synthetic",
|
|
"last_verified_at": null,
|
|
"last_run_id": null,
|
|
"evidence_bundle": null,
|
|
"historical_status": null,
|
|
"latest_status": null,
|
|
"browser_evidence": {
|
|
"required": false,
|
|
"present": false,
|
|
"refs": []
|
|
},
|
|
"repro_profile_id": "plugin-extension-generic",
|
|
"artifact_mode": "synthetic",
|
|
"blocked_reason": null,
|
|
"metadata": {
|
|
"source_names": [
|
|
"NVD Magento"
|
|
],
|
|
"source_kinds": [
|
|
"nvd-search"
|
|
],
|
|
"candidate_count": 1
|
|
}
|
|
}
|