Description
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
Remediation
References