CVE-2019-8090 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2019-8090

CWE

https://cwe.mitre.org/data/definitions/.html

An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated users can manipulate the design layout update feature.

Affected Software

Name	Vendor	Start Version	End Version
Magento	Magento	2.1.0 (including)	2.1.19 (excluding)
Magento	Magento	2.2.0 (including)	2.2.10 (excluding)
Magento	Magento	2.3.0 (including)	2.3.2 (excluding)
Magento	Magento	2.3.2 (including)	2.3.2 (including)

References

https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update
https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update