Adobe has released a set of out-of-band security fixes to resolve serious issues in the Magento platform.
Published on October 15, the security advisory is outside of the firm’s typical monthly patch cycle and resolves nine vulnerabilities, eight of which are considered either critical or important, as well as one moderate-severity flaw.
The vulnerabilities impact Magento Commerce and Magento Open Source, versions 2.3.5-p1, 2.4.0, and earlier.
The critical Magento vulnerabilities, now resolved, are tracked as CVE-2020-24407 and CVE-2020-24400. The two flaws, a file upload allow list bypass and an SQL injection bug, can lead to the execution of arbitrary code or arbitrary read/write database access.