CVE-2019-8126
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2019-8126. We'll provide specific mitigation strategies based on your environment and risk profile.
Description
An XML entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can craft document type definition for an XML representing XML layout. The crafted document type definition and XML layout allow processing of external entities which can lead to information disclosure.
Available Exploits
Related News
Affected Products
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
Information disclosure through processing of external XML entities
GHSA-427g-2r83-3ccmAdvisory Details
Affected Packages
CVSS Scoring
CVSS Score
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
References
Advisory provided by GitHub Security Advisory Database. Published: November 12, 2019, Modified: February 12, 2024