Security Bypass (IDOR)
Affecting magento/community-edition package, versions >=2.1.0, <2.1.18 || >=2.2.0, <2.2.9 || >=2.3.0, <2.3.2
magento/community-edition is a modern cloud eCommerce platform.
Affected versions of this package are vulnerable to Security Bypass (IDOR). Due to Insecure Direct Object Reference (IDOR) in downloadable products folder, it can be exploited by an administrator with limited privileges to delete the downloadable products folder.
magento/community-edition to version 2.1.18, 2.2.9, 2.3.2 or higher.