magento/community-edition is vulnerable to remote code execution (RCE). The vulnerability exists as an admin, who is able to create or edit a product, is able to upload RCE payloads through XML layout updates.
CPE | Name | Operator | Version |
---|---|---|---|
magento/community-edition | le | 2.1.17 | |
magento/community-edition | le | 2.2.8 | |
magento/community-edition | le | 2.3.1 |