Highflyingmana

**Name of the Vulnerable Software and Affected Versions** magento-lts versions 19.4.12 and prior magento-lts versions 20.0.8 and prior **Description** The issue is caused by the unsecured deserialization of an object. A patch was back ported from Zend Framework 3 to resolve the issue. **Recommendations** For magento-lts versions 19.4.12 and prior, update to version 19.4.13 or later. For magento-lts versions 20.0.8 and prior, update to version 20.0.9 or later.

**Name of the Vulnerable Software and Affected Versions** magento-lts versions prior to 19.4.13 magento-lts versions prior to 20.0.9 **Description** A vulnerability in magento-lts potentially allows an administrator unauthorized access to restricted resources. This issue is related to a SQL injection vulnerability in the MySQL adapter. **Recommendations** For versions prior to 19.4.13, update to version 19.4.13 to resolve the issue. For versions prior to 20.0.9, update to version 20.0.9 to resolve the issue.