CVE-2020-9585

Code Injection in packagist/magento/community-edition

Identifiers

CVE-2020-9585

Package Slug

packagist/magento/community-edition

Vulnerability

Code Injection

Description

Magento has a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to arbitrary code execution.

Affected Versions

All versions up to 1.9.4.4, all version starting from 1.14.4.0 up to 1.14.4.4, all versions starting from 2.2.0 up to 2.2.11, all versions starting from 2.3.0 up to 2.3.4

Solution

Upgrade to versions 1.9.4.5, 1.14.4.5, 2.3.5 or above.

Last Modified

2020-07-02

source