CVE-2019-8231
Magento Remote code execution through catalog attribute sets
7.2
HIGH
CVSS 3.1
EPSS 0.19%
Description
In Magento Open Source prior to 1.9.4.3, and Magento Commerce prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification.
How to fix CVE-2019-8231
To remediate CVE-2019-8231, upgrade the affected package to a fixed version below.
- —upgrade to 1.9.4.3 or later
Is CVE-2019-8231 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.9.4.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |