This article describes a solution for a Critical vulnerability (SC2019-003-329876) in an open source plugin, named Sitecore Rocks, which is commonly used in Sitecore development environments.
Critical vulnerability SC2019-003-329876 allows an unauthenticated threat actor to inject malicious commands and code, thus compromising the security controls.
We encourage Sitecore customers and partners who are using Sitecore Rocks plugin to familiarize themselves with the information below and apply the fix to affected Sitecore systems.
If you would like to receive notifications about new Security Bulletins, please subscribe to the Security Bulletins RSS Feed.