Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS02dzI5LXg1ajQtcWhyd84AAlK8

Critical EPSS: 0.05415% (0.89679 Percentile) EPSS:
Permalink JSON

Magento security mitigation bypass vulnerability

Affected Packages Affected Versions Fixed Versions
packagist:magento/project-community-edition <= 2.0.2 No known fixed version
9 Dependent packages
11 Dependent repositories
4,251 Downloads total

Affected Version Ranges

All affected versions

2.0.0, 2.0.1, 2.0.2
packagist:magento/community-edition >= 2.3.0, < 2.3.4-p2, <= 2.2.11 2.3.4-p2,
13 Dependent packages
12 Dependent repositories
49,793 Downloads total

Affected Version Ranges

All affected versions

2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16, 2.0.17, 2.0.18, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.1.9, 2.1.10, 2.1.11, 2.1.12, 2.1.13, 2.1.14, 2.1.15, 2.1.16, 2.1.17, 2.1.18, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8, 2.2.9, 2.2.10, 2.2.11, 2.3.0, 2.3.1, 2.3.2, 2.3.3

All unaffected versions

2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8
packagist:magento/core < 1.9.4.5 1.9.4.5

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

References:

Identifiers

GHSA-6w29-x5j4-qhrw

CVE-2020-9632

Risk

Severity

Critical

EPSS

EPSS Percentage: 0.05415

EPSS Percentile: 0.89679

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Date and time

Published

about 3 years ago

Updated

6 months ago

API

JSON