CVE-2020-9578
packagist/magento/community-edition
OS Command Injection
Magento has a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
All versions up to 1.9.4.4, all version starting from 1.14.4.0 up to 1.14.4.4, all versions starting from 2.2.0 up to 2.2.11, all versions starting from 2.3.0 up to 2.3.4
Upgrade to versions 1.9.4.5, 1.14.4.5, 2.3.5 or above.
2020-07-02
source |