CVE-2019-8107: Magento 2 Community Edition Arbitrary File Deletion

May 24, 2022 (updated July 18, 2023)

An arbitrary file deletion vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with export data transfer privileges can craft a request to perform arbitrary file deletion.

References

github.com/advisories/GHSA-2cg3-w597-rjfv
nvd.nist.gov/vuln/detail/CVE-2019-8107
web.archive.org/web/20220121051105/https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update

Code Behaviors & Features

Detect and mitigate CVE-2019-8107 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →