CVE-2019-8229

Description

In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes can execute arbitrary code through crafted layout updates.

Affected products

• Adobe Systems Incorporated / Magento 1Magento Open Source prior to 1.9.4.3 – Magento Open Source prior to 1.9.4.3
• Adobe Systems Incorporated / Magento 1and Magento Commerce prior to 1.14.4.3 – and Magento Commerce prior to 1.14.4.3

References

• MISChttps://magento.com/security/patches/supee-11219