Hi, I upgraded a few days back from 2.4.1 to 2.4.2 CE
Got a Magento Security Scan Email yesterday telling me failed on a "RCE Vulnerability".
PRODSECBUG-2403 RCE Vulnerability patch has not been detected! (500)
The Action was to Install Magento 2.3.3 and 2.2.10 Security Update.
But I am now already on 2.4.2?
Composer file reflects the correct version.
So does anyone have recommendation what to do here please? Is the 2.2.10 patch a requirement to put on top of 2.4.2 or should 2.4.2 already contain the required patches?
(Obviously the scan is not aware of this).
Thanks for any pointers.
I just got the same. I think we can safely call this a false positive.
As this week (after lots of checks and no changes) it tells me we've passed with flying colours...