magento/product-community-edition
Packagist
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting magento/product-community-edition
- CVE-2019-7865 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 2.3.2 | 2019-08-02
A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited at the time of editing or configuration.
- CVE-2019-7876 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 2.3.2 | 2019-08-02
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout.
- CVE-2019-7938 | MEDIUM | CVSS 4.8 | EG 4.8 | ✓ Fixed in 2.3.2 | 2019-08-02
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Thi…
- CVE-2019-8121 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 2.3.2-p2 | 2019-11-05
An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Magento 2 codebase leveraged outdated versions of JS libraries (Bootstrap, jquery, Knockout) with known sec…