{"id":"CVE-2018-5301","details":"Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resulting in deletion of a customer address from an address book, aka APPSEC-1433.","aliases":["GHSA-w3mq-67mw-3p9f"],"modified":"2026-04-10T04:10:53.687361Z","published":"2018-01-08T22:29:00.213Z","references":[{"type":"FIX","url":"https://magento.com/security/patches/magento-2010-and-212-security-update"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/magento/devdocs","events":[{"introduced":"0"},{"fixed":"18b0d2797739f36ebb8740e8a8a80946839b7139"},{"introduced":"60523b1194f96e18c94c82b5515b0274b30e2151"},{"fixed":"18b0d2797739f36ebb8740e8a8a80946839b7139"},{"introduced":"0"},{"fixed":"18b0d2797739f36ebb8740e8a8a80946839b7139"},{"introduced":"60523b1194f96e18c94c82b5515b0274b30e2151"},{"fixed":"18b0d2797739f36ebb8740e8a8a80946839b7139"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.0.10"},{"introduced":"2.1.0"},{"fixed":"2.1.2"},{"introduced":"0"},{"fixed":"2.0.10"},{"introduced":"2.1.0"},{"fixed":"2.1.2"}]}}],"versions":["2.0.8","2.0.9","2.1.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-5301.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}]}