CVE-2019-7857
CVE-2019-7857 affects Magento 2.x: Magento 2.1 before 2.1.18, 2.2 before 2.2.9, and 2.3 before 2.3.2 are vulnerable to CSRF due to an insufficient anti-CSRF token implementation, allowing manipulation that can add items to a shopper’s cart. Root cause is weak CSRF protection in the checkout/cart ...