{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "fixed": "2.0.10" }, { "introduced": "2.1.0" }, { "fixed": "2.1.2" }, { "introduced": "0" }, { "fixed": "2.0.10" }, { "introduced": "2.1.0" }, { "fixed": "2.1.2" } ] }, "events": [ { "introduced": "0" }, { "fixed": "18b0d2797739f36ebb8740e8a8a80946839b7139" }, { "introduced": "60523b1194f96e18c94c82b5515b0274b30e2151" }, { "fixed": "18b0d2797739f36ebb8740e8a8a80946839b7139" }, { "introduced": "0" }, { "fixed": "18b0d2797739f36ebb8740e8a8a80946839b7139" }, { "introduced": "60523b1194f96e18c94c82b5515b0274b30e2151" }, { "fixed": "18b0d2797739f36ebb8740e8a8a80946839b7139" } ], "repo": "https://github.com/magento/devdocs", "type": "GIT" } ] } ], "details": "Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resulting in deletion of a customer address from an address book, aka APPSEC-1433.", "id": "CVE-2018-5301", "modified": "2026-03-13T21:55:02.435800005Z", "published": "2018-01-08T22:29:00.213Z", "references": [ { "type": "FIX", "url": "https://magento.com/security/patches/magento-2010-and-212-security-update" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "type": "CVSS_V3" } ] }