CVE-2019-7851: Cross-Site Request Forgery (CSRF)

May 24, 2022 (updated July 14, 2023)

A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages.

References

github.com/advisories/GHSA-mhvf-j94g-3qp7
nvd.nist.gov/vuln/detail/CVE-2019-7851
web.archive.org/web/20220121011306/https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33

Code Behaviors & Features

Detect and mitigate CVE-2019-7851 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →