CVE-2019-8126
N/A
N/A
Summary
An XML entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can craft document type definition for an XML representing XML layout. The crafted document type definition and XML layout allow processing of external entities which can lead to information disclosure.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Adobe Systems Incorporated | Magento 2 | Magento 2.2 prior to 2.2.10 | affected |
| Adobe Systems Incorporated | Magento 2 | Magento 2.3 prior to 2.3.3 or 2.3.2-p1 | affected |
Weaknesses
- XML External Entity Injection (XXE)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.