cvelist/2019/7xxx/CVE-2019-7139.json

{
    "data_type": "CVE",
    "data_format": "MITRE",
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2019-7139",
        "ASSIGNER": "psirt@adobe.com",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Magento",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Magento Open Source",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "prior to 1.9.4.1"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "Magento Commerce",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "prior to 1.14.4.1"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "Magento",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "prior to 2.1.17"
                                        },
                                        {
                                            "version_value": "prior to 2.2.8"
                                        },
                                        {
                                            "version_value": "prior to 2.3.1"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "SQL Injection"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MISC",
                "name": "https://www.ambionics.io/blog/magento-sqli",
                "url": "https://www.ambionics.io/blog/magento-sqli"
            },
            {
                "refsource": "CONFIRM",
                "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13",
                "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
            }
        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2."
            }
        ]
    }
}
- Synchronized data. 2019-01-28 16:06:23 -05:00			`{`
"-Synchronized-Data." 2019-04-10 18:00:45 +00:00			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2019-03-18 06:41:00 +00:00			`"CVE_data_meta": {`
			`"ID": "CVE-2019-7139",`
"-Synchronized-Data." 2019-04-10 18:00:45 +00:00			`"ASSIGNER": "psirt@adobe.com",`
			`"STATE": "PUBLIC"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "Magento",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Magento Open Source",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "prior to 1.9.4.1"`
			`}`
			`]`
			`}`
			`},`
			`{`
			`"product_name": "Magento Commerce",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "prior to 1.14.4.1"`
			`}`
			`]`
			`}`
			`},`
			`{`
			`"product_name": "Magento",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "prior to 2.1.17"`
			`},`
			`{`
			`"version_value": "prior to 2.2.8"`
			`},`
			`{`
			`"version_value": "prior to 2.3.1"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "SQL Injection"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"refsource": "MISC",`
			`"name": "https://www.ambionics.io/blog/magento-sqli",`
			`"url": "https://www.ambionics.io/blog/magento-sqli"`
"-Synchronized-Data." 2019-08-06 14:00:50 +00:00			`},`
			`{`
			`"refsource": "CONFIRM",`
			`"name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13",`
			`"url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"`
"-Synchronized-Data." 2019-04-10 18:00:45 +00:00			`}`
			`]`
"-Synchronized-Data." 2019-03-18 06:41:00 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2019-08-06 14:00:50 +00:00			`"value": "An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2."`
"-Synchronized-Data." 2019-03-18 06:41:00 +00:00			`}`
			`]`
			`}`
			`}`