The vulnerability specifically affects the GiftCardAccount removal feature. In Magento, CSRF protection for admin actions is typically implemented through form key validation. A controller action that does not call _validateFormKey(), or an associated request that omits the form key, would be vulnerable to CSRF. The exact code isn't available, but the pattern matches Magento's CSRF protection mechanisms, and the vulnerability description explicitly implicates the gift card removal functionality.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| magento/community-edition | composer | >= 2.1.0, < 2.1.18 | 2.1.18 |
| magento/community-edition | composer | >= 2.2.0, < 2.2.9 | 2.2.9 |
| magento/community-edition | composer | >= 2.3.0, < 2.3.2 | 2.3.2 |
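
To audit for the pattern described in the analysis above, the following added example (not code from Magento or from this advisory) flags controller sources whose `execute()` body never validates a form key. The sample controllers, the `giftCards` property and the `formKeyValidator` call form are constructed assumptions; only `_validateFormKey()` comes from the page.

```python
import re

# `_validateFormKey(` is the call named in the analysis above; the
# validator-object form is an assumed alternative way to invoke the check.
VALIDATION = re.compile(r"_validateFormKey\s*\(|formKeyValidator\s*->\s*validate\s*\(", re.I)
EXECUTE = re.compile(r"function\s+execute\s*\([^)]*\)[^{;]*\{", re.I)
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)

# Constructed sample controllers (hypothetical, not Magento source code).
SAMPLES = {
    "Remove.php": """<?php
class Remove extends Action {
    public function execute() {
        // $this->_validateFormKey();
        $code = $this->getRequest()->getParam('code');
        if ($code) { $this->giftCards->remove($code); }
        return $this->_redirect('checkout/cart');
    }
}""",
    "RemoveChecked.php": """<?php
class RemoveChecked extends Action {
    public function execute() {
        if (!$this->_validateFormKey()) { return $this->_redirect('checkout/cart'); }
        $this->giftCards->remove($this->getRequest()->getParam('code'));
        return $this->_redirect('checkout/cart');
    }
}""",
}

def execute_body(php_source):
    """Return the body of execute() via brace matching, or None if absent."""
    code = COMMENTS.sub("", php_source)  # a commented-out check must not count
    m = EXECUTE.search(code)
    if not m:
        return None
    depth, start = 1, m.end()
    for i in range(start, len(code)):
        if code[i] == "{":
            depth += 1
        elif code[i] == "}":
            depth -= 1
            if depth == 0:
                return code[start:i]
    return code[start:]  # unbalanced braces: fall back to the rest of the file

def actions_missing_form_key(sources):
    """Names of controller sources whose execute() never validates a form key."""
    bodies = {name: execute_body(src) for name, src in sources.items()}
    return sorted(n for n, b in bodies.items() if b is not None and not VALIDATION.search(b))
```

A flagged file is a candidate for manual review rather than a confirmed finding, since the check may be performed in a parent class or elsewhere in the request pipeline.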