CVE-2019-8135
CVE-2019-8135 describes a remote code execution in Magento 2.x prior to fixed versions: 2.2.10 (for 2.2) and 2.3.x prior to 2.3.3 or 2.3.2-p1. The root cause is dependency injection through the Symfony framework, which allows service identifiers to be derived from user-controlled data, enabling a...