Security Advisory

CVE-2019-7885

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-08-02 21:20:53

Last updated 2024-08-04 21:02:19

Assigner adobe

State PUBLISHED

Description

Insufficient input validation in the config builder of the Elastic search module could lead to remote code execution in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This vulnerability could be abused by an authenticated user with the ability to configure the catalog search.

← Browse all CVEs View on cve.org ↗