CVE-2019-7892
Magento exposes a remote code execution vulnerability in 2.1.x before 2.1.18, 2.2.x before 2.2.9, and 2.3.x before 2.3.2. An authenticated administrator who can access shipment settings can trigger SSRF to execute arbitrary code on the server. Documented in multiple sources (including Red Hat and...