Описание
Magento deserialization vulnerability
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
Пакеты
Наименование
magento/community-edition
composer
Затронутые версииВерсия исправления
>= 2.2.0, < 2.2.11
2.2.11
Наименование
magento/community-edition
composer
Затронутые версииВерсия исправления
>= 2.3.0, < 2.3.4
2.3.4
Связанные уязвимости
CVSS3: 9.8
nvd
около 6 лет назад
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.