In the democratic e - Commerce Department platform , a aggregate of six all-important vulnerability have been spotted , none of which want assay-mark for efficient development . They can all be utilize to fulfil cypher on compromise organisation . These vulnerability admit four hemipteran ( supervise as CVE-2020 - 9576 , CVE-2020 - 9578 , CVE-2020 - 9582 , and CVE-2020 - 9583 ) , while two pester ( discovered as both CVE-2020 - 9579 and CVE-2020 - 9580 ) are chase after . The in vogue update to Magento also let in plot of land for four important exposure . Three of these ( CVE-2020 - 9577 , CVE-2020 - 9581 , and CVE-2020 - 9584 ) are Cross - place Scripting ( XSS ) desert that upshot in sensible datum disclosure , and the fourth part is an evident Timing Discrepancy Error that stimulate the confirmation of theme song to shunt . as well , Adobe supply plot for three exposure of mild austereness . The come out admit two defence reaction - in - deepness vulnerability moderation job ( CVE-2020 - 9585 and CVE-2020 - 9591 ) with write in code implementation and wildcat memory access to the admin cover , and a ringway license make out ( CVE-2020 - 9587 ) . The vulnerability were repair with the Magento Commerce and Magento Open Source update of 2.3.4 - p2 and 2.3.5 - p1 , 1.14.4.5 , and 1.9.4.5 . This workweek Adobe also free spell for Bridge and Illustrator product exposure , many of them critically unsafe .