Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a path traversal vulnerability. Successful exploitation could lead to sensitive information disclosure.
{ "cpes": [ "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*", "cpe:2.3:a:magento:magento:*:*:*:*:community:*:*:*", "cpe:2.3:a:magento:magento:*:*:*:*:enterprise:*:*:*", "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*" ], "severity": "Medium" }