PT-2019-18912 · Adobe · Magento

Published

2019-11-05

Updated

2022-05-24

CVE-2019-8136

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Magento 2.2 versions prior to 2.2.10 Magento 2.3 versions prior to 2.3.3 or 2.3.2-p1

Description An insecure component issue exists due to the use of outdated versions of HTTP specification abstraction implemented in the symphony component.

Recommendations For Magento 2.2, update to version 2.2.10 or later. For Magento 2.3, update to version 2.3.3 or 2.3.2-p1 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2019-8136

GHSA-XGCP-59G2-WM8G

Affected Products

Magento

PT-2019-18912 · Adobe · Magento

CVE-2019-8136

Related Identifiers

Affected Products

References · 8