CVE-2020-9632

Code Injection in packagist/magento/community-edition

Identifiers

CVE-2020-9632

Package Slug

packagist/magento/community-edition

Vulnerability

Code Injection

Description

Magento (see note) have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

Affected Versions

All versions up to 1.9.4.4, all version starting from 1.14.4.0 up to 1.14.4.4, all versions starting from 2.2.0 up to 2.2.11, all versions starting from 2.3.0 up to 2.3.4

Solution

Upgrade to versions 1.9.4.5, 1.14.4.5, 2.3.5 or above.

Last Modified

2020-07-02

source