{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T23:11:39.927","vulnerabilities":[{"cve":{"id":"CVE-2019-7913","sourceIdentifier":"psirt@adobe.com","published":"2019-08-02T22:15:17.893","lastModified":"2024-11-21T04:48:57.057","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to manipulate shipment methods to execute arbitrary code."},{"lang":"es","value":"Se presenta una vulnerabilidad de tipo server-side request forgery (SSRF) en Magento versiones 2.1 anteriores a 2.1.18, Magento versiones 2.2 anteriores a 2.2.9, Magento versiones 2.3 anteriores a 2.3.2. Esto puede ser explotado por un usuario autenticado con privilegios de administrador para manipular los métodos de envío para ejecutar código arbitrario."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*","versionStartIncluding":"2.1.0","versionEndExcluding":"2.1.18","matchCriteriaId":"DE066118-96FB-423F-B962-F904ACD6340C"},{"vulnerable":true,"criteria":"cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*","versionStartIncluding":"2.2.0","versionEndExcluding":"2.2.9","matchCriteriaId":"C7822059-9FC0-45E5-826B-4DF2AB07F2BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*","versionStartIncluding":"2.3.0","versionEndExcluding":"2.3.2","matchCriteriaId":"6B8C5A27-2957-4373-B0FE-8C7585B4B04E"}]}]}],"references":[{"url":"https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13","source":"psirt@adobe.com","tags":["Vendor Advisory"]},{"url":"https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}