Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.
[
{
"product": "Magento",
"vendor": "Adobe",
"versions": [
{
"status": "affected",
"version": "2.3.5-p1 and earlier, and 2.3.5-p1 and earlier versions"
}
]
}
]