Adobe’s Magento e-commerce platform has two critical flaws, six important-rated errors and one moderate-severity vulnerability. The company says the flaws could allow arbitrary code execution as well as read or write access to the database. Adobe has issued patches in Magento Commerce and Magento Open Source versions 2.4.1 and 2.3.6, and recommends users update their installation to the newest version The update for all vulnerabilities is a priority 2, meaning they exist in a product that has historically been at elevated risk but for which there are currently no known exploits.
Source: https://threatpost.com/critical-magento-holes-online-shops-code-execution/160181/