Full Page Cache Warmer For Magento 2
Remote code execution in Mirasvit Full Page Cache Warmer for Magento 2 before 1.11.12 allows unauthenticated attackers to execute arbitrary code by sending a crafted serialized PHP object in the CacheWarmer cookie. The flaw is confirmed actively exploited (CISA KEV), and exploit code is publicly available. The root cause is an unsafe call to unserialize() on the cookie value; successful exploitation relies on gadget chains present in Magento and its dependencies. Despite a low EPSS score (0.10%), the KEV listing and the CVSS score of 9.3 make this a high-priority patch for any Magento 2 store running the module.
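A triage check for the condition described above, added here as an example and not taken from Mirasvit or the advisory: it flags a Cookie header whose CacheWarmer value carries a serialized PHP object and tests whether a module version predates 1.11.12. The function names, the sample headers and the assumption that the value may arrive URL-encoded or base64-encoded are illustrative; the advisory does not state the cookie's encoding.

```python
import base64
import binascii
import re
from urllib.parse import unquote

COOKIE_NAME = "CacheWarmer"   # cookie named in the advisory
FIXED_VERSION = (1, 11, 12)   # first fixed release per the advisory
# PHP serialize() writes objects as O:<len>:"Class" (C: for Serializable
# classes); plain arrays and scalars never produce these tokens.
OBJECT_TOKEN = re.compile(r'(?:^|[;{])[OC]:\+?\d+:"')

# Constructed, harmless sample headers (stdClass carries no behaviour).
SAMPLE_URLENCODED = "PHPSESSID=abc; CacheWarmer=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D"
SAMPLE_BASE64 = "CacheWarmer=" + base64.b64encode(b'a:1:{i:0;O:8:"stdClass":0:{}}').decode()
SAMPLE_BENIGN = "CacheWarmer=%7B%22page%22%3A1%7D; PHPSESSID=abc"


def is_vulnerable_version(version):
    """True when a dotted module version is older than 1.11.12."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    return parts < FIXED_VERSION


def cookie_value(cookie_header, name=COOKIE_NAME):
    """Return the raw value of one cookie from a Cookie header, or None."""
    for pair in cookie_header.split(";"):
        key, _, value = pair.strip().partition("=")
        if key == name:
            return value
    return None


def decoded_views(raw):
    """Raw value plus its URL-decoded and base64-decoded forms (assumed encodings)."""
    views = {raw, unquote(raw)}
    for value in list(views):
        try:
            views.add(base64.b64decode(value, validate=True).decode("utf-8", "replace"))
        except (binascii.Error, ValueError):
            pass  # not base64; keep the other views
    return views


def carries_php_object(cookie_header):
    """True when the CacheWarmer cookie contains a serialized PHP object token."""
    raw = cookie_value(cookie_header)
    if raw is None:
        return False
    return any(OBJECT_TOKEN.search(view) for view in decoded_views(raw))
```

A match is a reason to inspect the request and the host, not proof of compromise; upgrading the module to 1.11.12 or later remains the fix.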