CVE-2020-24403
packagist/magento/community-edition
Improper Authorization
Magento This vulnerability could be abused by authenticated users with Inventory and Source permissions to make unauthorized changes to inventory source data via the REST API.
All versions before 2.3.6, version 2.4.0
Upgrade to versions 2.3.6, 2.4.1 or above.
2020-11-15
source |