CVE-2017-13761

medium

Published 2017-09-14 · Modified 2024-04-24

CVSS v3

6.5

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2

4.0

VIR risk

6.5

Description

Fastly Magento2 sensitive information disclosure

Predictions

Exploit likelihood

75%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://www.fastly.com/security-advisories/vulnerability-fastly-open-source-cdn-module-intended-be-integrated-magento2

Package impact

Ecosystem	Package	Vulnerable	Fixed
Packagist	fastly/magento2	`<1.2.26`	`1.2.26`

Application impact

Vendor	Product	Versions	Fixed
fastly	fastly	`{"endIncluding":"1.2.25"}`

References

https://www.fastly.com/security-advisories/vulnerability-fastly-open-source-cdn-module-intended-be-integrated-magento2
https://nvd.nist.gov/vuln/detail/CVE-2017-13761

CWEs

CWE-200

Verify integrity in audit chain (admin only). AS-IS.