Magento Update
Warning Date: 11 November, 2019
Severity Level: Critical
Warning Number: 2019-614
Target Sector: All - Finance and Economy - Commerce and Investment
Description:
Magento has released a security update to address a vulnerability in the following versions:
- Magento Commerce 2.3 versions prior to 2.3.3 or version 2.3.2-p1
Threats:
An attacker could exploit this vulnerability by inserting a malicious payload into a merchant's site and executing it.
Best practice and Recommendations:
- The CERT team encourages users to update the affected versions and to review the Magento advisory: https://magento.com/security/patches/latest-magento-security-update-helps-protect-recently-reported-rce-vulnerability
- For Magento 2.3.1: Install the MDVA-22979_EE_2.3.1_v1 patch, then upgrade to 2.3.3 or 2.3.2-p2.
- For Magento 2.3.2: Install the MDVA-22979_EE_2.3.2_v1 patch, then upgrade to 2.3.3 or 2.3.2-p2.