CVE-2020-9588
- Source
- https://cve.org/CVERecord?id=CVE-2020-9588
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-9588.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-9588
- Aliases
- Published
- 2020-06-26T21:15:17.327Z
- Modified
- 2026-03-14T10:36:32.492115Z
- Severity
-
- 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.
- References
Affected packages
Git / github.com/magento/devdocs
Affected ranges
- Type
- GIT
- Repo
- https://github.com/magento/devdocs
- Events
-
IntroducedLast affectedIntroducedLast affectedIntroducedLast affectedIntroducedLast affected
- Database specific
{ "versions": [ { "introduced": "2.2.0" }, { "last_affected": "2.2.11" }, { "introduced": "2.2.0" }, { "last_affected": "2.2.11" }, { "introduced": "2.3.0" }, { "last_affected": "2.3.4" }, { "introduced": "2.3.0" }, { "last_affected": "2.3.4" } ] }