IBEXA-SA-2020-006 Object Injection in legacy shop module

PKSA-21zv-zmv6-8djw

Affected version: >=2019.3.0,<2019.3.5.1|>=2017.12.0,<2017.12.7.3|>=5.4.0,<5.4.14.2

Reported by:
FriendsOfPHP/security-advisories