CVE-2020-9583

OS Command Injection in packagist/magento/community-edition

Identifiers

CVE-2020-9583

Package Slug

packagist/magento/community-edition

Vulnerability

OS Command Injection

Description

Magento has a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

Affected Versions

All versions up to 1.9.4.4, all version starting from 1.14.4.0 up to 1.14.4.4, all versions starting from 2.2.0 up to 2.2.11, all versions starting from 2.3.0 up to 2.3.4

Solution

Upgrade to versions 1.9.4.5, 1.14.4.5, 2.3.5 or above.

Last Modified

2020-07-02

source