Description
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.
Remediation
References
Related Vulnerabilities
WordPress Plugin Click to Copy Grab Box Multiple Cross-Site Scripting Vulnerabilities (0.1.1)
WordPress Plugin Simple add pages or posts Cross-Site Request Forgery (1.6)
PHP Other Vulnerability (CVE-2011-3182)
WordPress Plugin RSVPMaker SQL Injection (7.8.1)
WordPress Plugin Answer My Question Multiple Cross-Site Scripting Vulnerabilities (1.1)