Description
A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules. This impacts Magento 1.x prior to 1.9.4.2, Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2.
Remediation
References
Related Vulnerabilities
Jetty Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-26048)
WordPress Plugin WP smart CRM & Invoices FREE Cross-Site Scripting (1.8.7)
Apache Tomcat Uncontrolled Resource Consumption Vulnerability (CVE-2019-0199)
WordPress Plugin Time Sheets Cross-Site Scripting (1.4.2)
WordPress Plugin Esponce QR Code Generator Cross-Site Scripting (1.4)