CVE-2020-9585
packagist/magento/community-edition
Code Injection
Magento has a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to arbitrary code execution.
All versions up to 1.9.4.4, all version starting from 1.14.4.0 up to 1.14.4.4, all versions starting from 2.2.0 up to 2.2.11, all versions starting from 2.3.0 up to 2.3.4
Upgrade to versions 1.9.4.5, 1.14.4.5, 2.3.5 or above.
2020-07-02
source |