CVE-2019-8151

Name of the Vulnerable Software and Affected Versions Magento 2.2 versions 2.2.0 through 2.2.9 Magento 2.3 versions 2.3.0 through 2.3.2

Description A remote code execution issue exists due to unsafe handling of a carrier gateway, allowing an authenticated user with admin privileges to manipulate shipment settings and execute arbitrary code through server-side request forgery.

Recommendations For Magento 2.2 versions 2.2.0 through 2.2.9, update to version 2.2.10. For Magento 2.3 versions 2.3.0 through 2.3.2, update to version 2.3.3 or apply the security patch 2.3.2-p1, then promptly upgrade to 2.3.2-p2 if 2.3.2-p1 has already been implemented.