Problem: 37 security vulnerabilities. One of the biggest flaws is a SQL injection vulnerability which can be exploited by unauthenticated remote attackers. Hackers could steal sensitive information from the databases. More details about the bugs can be read here.
Affected versions include:
– Magento Open Source prior to 1.9.4.1
– Magento Commerce prior to 1.14.4.1
– Magento Commerce 2.1 prior to 2.1.17
– Magento Commerce 2.2 prior to 2.2.8
– Magento Commerce 2.3 prior to 2.3.1
Cause: The developers of Magento have decided not to release the technical details of the flaw at this time.
Solution: A new version has been released to resolve the problems. Update as soon as possible. You can read more about the update here.