CVE-2019-7911: Server-Side Request Forgery (SSRF)

May 24, 2022 (updated August 1, 2023)

A server-side request forgery (SSRF) vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to the admin panel to manipulate system configuration and execute arbitrary code.

References

github.com/advisories/GHSA-33cj-w75f-49m2
nvd.nist.gov/vuln/detail/CVE-2019-7911
web.archive.org/web/20211206084839/https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13

Code Behaviors & Features

Detect and mitigate CVE-2019-7911 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →