First published: Wed May 15 2024(Updated: )
Zend Framework 1 vulnerability can be remotely exploited to execute code in Magento 1. While the issue is not reproducible in Magento 2, the library code is the same so it was fixed as well. Note: while the vulnerability is scored as critical, few systems are affected. To be affected by the vulnerability the installation has to: - use sendmail as the mail transport agent - have specific, non-default configuration settings as described [here](https://magento.com/security/patches/supee-9652#:~:text=settings%20as%20described-,here,-.).
Affected Software | Affected Version | How to fix |
---|---|---|
composer/magento/community-edition | >=1.9.0.0<1.14.3.2 | 1.14.3.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.