Critical severityNVD Advisory· Published Jan 29, 2020· Updated Aug 4, 2024
CVE-2020-3718
CVE-2020-3718
Description
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
magento/community-editionPackagist | >= 2.3.0, < 2.3.4 | 2.3.4 |
magento/community-editionPackagist | < 2.2.11 | 2.2.11 |
magneto/corePackagist | < 1.9.4.4 | 1.9.4.4 |
Affected products
1- Range: 2.3.3 and earlier
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/advisories/GHSA-x9p7-vgp2-9pq2ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-3718ghsaADVISORY
- helpx.adobe.com/security/products/magento/apsb20-02.htmlghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.