Adobe this week released a security update correcting four vulnerabilities, two of them critical, in its Magento Commerce 2 and Magento Open Source 2 e-commerce platforms.
The two most significant bugs are a path traversal flaw (CVE-2020-9689) and a security mitigation bypass (CVE-2020-9692), both of which can result in arbitrary code execution. The first issue was reported by Edgar Boda-Majer of Bugscale and Blaklis, and the second was reported by Boda-Majer alone.
The remaining two vulnerabilities are classified as important and consist of an observable timing discrepancy that can lead to a signature verification bypass and a DOM-based cross-site scripting bug that can result in arbitrary code execution.
The issues have been fixed in Magento Commerce 2 versions 2.4. and 2.3.5-p2, and Magento Open Source 2 versions 2.4. and 2.3.5-p2.