Description
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.
Remediation
References
Related Vulnerabilities
Oracle Database Server Other Vulnerability (CVE-2007-2119)
WebLogic CVE-2020-2551 Vulnerability (CVE-2020-2551)
WordPress Plugin Slideshow Pro Arbitrary File Upload (2.4)
MySQL CVE-2019-2689 Vulnerability (CVE-2019-2689)
WordPress Plugin Newsletter Manager Multiple Cross-Site Scripting Vulnerabilities (1.0.1)