Critical severity · NVD Advisory · Published Jan 29, 2020 · Updated Aug 4, 2024
CVE-2020-3716
Description
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| magento/community-edition (Packagist) | >= 2.2.0, < 2.2.11 | 2.2.11 |
| magento/community-edition (Packagist) | >= 2.3.0, < 2.3.4 | 2.3.4 |
Affected products
- Range: 2.3.3 and earlier
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-9wc9-498w-h8xv (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2020-3716 (ghsa, ADVISORY)
- helpx.adobe.com/security/products/magento/apsb20-02.html (ghsa, x_refsource_CONFIRM, WEB)