Adobe announced it has patched multiple critical vulnerabilities in Magento 2 that could allow attackers to take over administrator sessions and gain access to customer details. The vulnerabilities are said to affect both the open source and commercial versions of the popular Magento platform.
The Magento Open Source release includes over 370 new fixes to core code and 33 security enhancements that help close remote code execution and cross-site scripting (XSS) vulnerabilities. It also contains the resolution of almost 290 GitHub issues and community contributions ranging from minor clean-up of core code to significant enhancements in GraphQL.
While there are no confirmed attacks related to these issues to date, Adobe said certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions.
Adobe also released additional security enhancements, such as a new Composer plugin to prevent dependency confusion, rate limiting on APIs to prevent DoS attacks, and more. The fixed issues span installation, upgrade, deployment, Adobe Stock integration, the backend, bundle products and more.
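The dependency confusion risk mentioned above arises when a package from a private vendor namespace is resolved from a public registry instead of the intended private one. As an added illustration, not Adobe's plugin and not code from the page, the script below audits a constructed `composer.lock` excerpt and flags any package under a private vendor namespace (assumed here to be `acme`) whose distribution or source URL does not point at the assumed trusted host `composer.example.com`.

```python
import json
from urllib.parse import urlparse

# Constructed composer.lock excerpt for demonstration; the package names,
# versions and URLs are invented and do not refer to any real module.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "acme/checkout-module", "version": "1.4.0",
         "dist": {"type": "zip",
                  "url": "https://composer.example.com/dists/acme/checkout-module/1.4.0.zip"}},
        {"name": "acme/loyalty-module", "version": "9.9.9",
         "dist": {"type": "zip",
                  "url": "https://api.github.com/repos/someone/loyalty-module/zipball/abc"}},
        {"name": "monolog/monolog", "version": "2.3.5",
         "dist": {"type": "zip",
                  "url": "https://api.github.com/repos/Seldaek/monolog/zipball/def"}},
    ],
    "packages-dev": [],
})


def _package_host(pkg):
    """Hostname of the location Composer will fetch the package from.

    Prefer the dist (archive) URL; fall back to the source (VCS) URL.
    Returns an empty string when neither is present.
    """
    for key in ("dist", "source"):
        url = (pkg.get(key) or {}).get("url", "")
        if url:
            return urlparse(url).hostname or ""
    return ""


def audit_lock(lock_json, private_vendors, trusted_hosts):
    """Return (name, version, host) for each private-vendor package that is
    not served from one of the trusted hosts.

    private_vendors: set of vendor prefixes that must only come from the
                     private registry (e.g. {"acme"}).
    trusted_hosts:   set of hostnames the private registry serves from.
    """
    lock = json.loads(lock_json)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            vendor = pkg["name"].split("/", 1)[0]
            if vendor not in private_vendors:
                continue  # public packages are expected to come from public hosts
            host = _package_host(pkg)
            if host not in trusted_hosts:
                findings.append((pkg["name"], pkg["version"], host))
    return findings


if __name__ == "__main__":
    for name, version, host in audit_lock(SAMPLE_LOCK, {"acme"}, {"composer.example.com"}):
        print(f"suspicious source for {name} {version}: {host or '<none>'}")
```

Running the audit on the sample flags `acme/loyalty-module`, whose unusually high version is being fetched from a public host rather than the private registry. A check like this fits a CI step that runs against `composer.lock` before `composer install`; the preventive counterpart is restricting each repository entry in `composer.json` with Composer's `only` and `exclude` filters so the private vendor namespace can never be resolved from the public registry.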