CVE-2020-9587
Incorrect Authorization in packagist/magento/community-edition
Identifiers
CVE-2020-9587
Package Slug
packagist/magento/community-edition
Vulnerability
Incorrect Authorization
Description
Magento has an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts.
Affected Versions
All versions up to 1.9.4.4, all versions starting from 2.2.0 up to 2.2.11, all versions starting from 2.3.0 up to 2.3.4
Solution
Upgrade to versions 2.0.0, 2.3.5 or above.
Last Modified
2020-07-02
| source |