
Description: The Magento 2.0.3 EE and CE releases contain multiple security and functional fixes. Details of the vulnerabilities addressed by this release are listed below.

The following vulnerabilities are being addressed within this update:

  • APPSEC-1263 - Server-side cross-site scripting via user name
  • APPSEC-1379 - Reflected cross-site scripting in module
  • APPSEC-1337 - Arbitrary PHP code execution using language packs
  • APPSEC-1377 - API token access vulnerable to brute force attacks
  • APPSEC-1378 - Web API allows anonymous access
  • APPSEC-1303 - Weak encryption keys when generated from Manage Encryption Keys page

Affected versions: Magento CE and EE prior to 2.0.3
Solution: Follow Magento security best practices and apply the update.
Origin URLs:
