CVE-2020-3716
published 2020-01-29CVE-2020-3716: Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a deserialization of untrusted data vulnerability…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | magento | — | — |
| adobe | magento | — | — |
| adobe | magento | — | — |
| adobe | magento | — | — |
| magento | community-edition | >= 2.2.0 < 2.2.11 | 2.2.11 |
| magento | community-edition | >= 2.3.0 < 2.3.4 | 2.3.4 |
| magento | magento | <= 1.9.4.3 | — |
| magento | magento | <= 1.14.4.3 | — |
| magento | magento | 2.2.0 – 2.2.10 | — |
| magento | magento | 2.3.0 – 2.3.3 | — |