Description
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
Remediation
References