magento/community-edition is vulnerable to signature verification bypass. It is possible because of observable timing discrepancy.
CPE | Name | Operator | Version |
---|---|---|---|
magento/community-edition | eq | 2.3.5 | |
magento/community-edition | le | 2.2.11 | |
magento/community-edition | le | 2.3.4 |