Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| magento/community-edition(Packagist) | 0 | N/A | N/A |
| magento/community-edition(Packagist) | 2.3.0 | 2.3.4-p2 | N/A |
| magento/core(Packagist) | 0 | 1.9.4.5 | N/A |
| magento/project-community-edition(Packagist) | 0 | N/A | N/A |
CVSS Metrics
