Critical Vulnerabilities in Magento Commerce and Open Source (CVE-2020-24407 and CVE-2020-24400)

Published on 16 Oct 2020

Updated on 14 Apr 2021

Magento has released security updates to address several vulnerabilities affecting the Magento Commerce and Open Source software, two of which (CVE-2020-24407 and CVE-2020-24400) are rated as critical.

The vulnerabilities affect Magento Commerce and Magento Open Source, versions 2.3.5-p1 and earlier and 2.4.0 and earlier. Successful exploitation of the vulnerabilities could allow an attacker to execute arbitrary code on affected systems.

Administrators of the affected applications are advised to update to the latest version immediately.

More information is available here:
https://helpx.adobe.com/security/products/magento/apsb20-59.html
https://threatpost.com/critical-magento-holes-online-shops-code-execution/160181/