Description
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.
Remediation
References
Related Vulnerabilities
Oracle Application Server Other Vulnerability (CVE-2007-0289)
Oracle Application Server Other Vulnerability (CVE-2007-2119)
Oracle Application Server CVE-2006-3709 Vulnerability (CVE-2006-3709)
WordPress Plugin YITH WooCommerce Social Login Security Bypass (1.3.4)
Cherokee NULL Pointer Dereference Vulnerability (CVE-2020-12845)