CVE-2020-9587
packagist/magento/community-edition
Incorrect Authorization
Magento has an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts.
All versions up to 1.9.4.4, all versions starting from 2.2.0 up to 2.2.11, all versions starting from 2.3.0 up to 2.3.4
Upgrade to versions 2.0.0, 2.3.5 or above.
2020-07-02
source |