Magento team has just released a patch for Enterprise and Community editions to address the Zend library vulnerability
Description: Zend Framework 1 vulnerability can be remotely exploited to execute code in Magento 1. While the issue is not reproducible in Magento 2, the library code is the same so it was fixed as well.
- Magento Community Edition prior to 220.127.116.11
- Magento Enterprise Edition prior to 18.104.22.168
- Magento 2.1 versions prior to 2.1.4
- Magento 2.0 versions prior to 2.0.12
Recommended action: Please refer to Security Best Practices for additional information on how to secure your site.