CVE-2020-9690

Information Exposure Through Discrepancy in packagist/magento/community-edition

Identifiers

CVE-2020-9690

Package Slug

packagist/magento/community-edition

Vulnerability

Information Exposure Through Discrepancy

Description

Magento has an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.

Affected Versions

All versions before 2.3.5-p2

Solution

Upgrade to version 2.3.5-p2 or above.

Last Modified

2020-07-31

source