Description
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
Remediation
References
Related Vulnerabilities
WordPress Plugin Visual Composer:Page Builder for WordPress Local File Inclusion (5.1)
Mailman Other Vulnerability (CVE-2002-0855)
Python Improper Restriction of XML External Entity Reference Vulnerability (CVE-2013-0340)
PHP Use After Free Vulnerability (CVE-2019-13224)
Oracle Database Server CVE-2011-0875 Vulnerability (CVE-2011-0875)