CVE-2020-9588

Information Exposure Through Discrepancy in packagist/magento/community-edition

Identifiers

CVE-2020-9588

Package Slug

packagist/magento/community-edition

Vulnerability

Information Exposure Through Discrepancy

Description

Magento has an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.

Affected Versions

All versions up to 1.9.4.4, all versions starting from 1.14.4.0 up to 1.14.4.4, all versions starting from 2.2.0 up to 2.2.11, all versions starting from 2.3.0 up to 2.3.4

Solution

Upgrade to versions 1.9.4.5, 1.14.4.5, 2.3.5 or above.

Last Modified

2020-07-02
