CVE-2020-24404
packagist/magento/community-edition
Improper Authorization
Magento This vulnerability could be abused by users with permissions to the Pages resource to delete cms pages via the REST API without authorization.
All versions before 2.3.6, version 2.4.0
Upgrade to versions 2.3.6, 2.4.1 or above.
2020-11-15
source |