CVE-2020-9580

Code Injection in packagist/magento/community-edition

Identifiers

CVE-2020-9580

Package Slug

packagist/magento/community-edition

Vulnerability

Code Injection

Description

Magento has a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

Affected Versions

All versions up to 1.9.4.4, all version starting from 1.14.4.0 up to 1.14.4.4, all versions starting from 2.2.0 up to 2.2.11, all versions starting from 2.3.0 up to 2.3.4

Solution

Upgrade to versions 1.9.4.5, 1.14.4.5, 2.3.5 or above.

Last Modified

2020-07-02

source