CVE-2024-34102

Adobe | Commerce and Magento Open SourceAdded 2024-07-17Remediation Deadline 2024-08-07

Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability

Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weakness Classification

CWE-611

References

https://helpx.adobe.com/security/products/magento/apsb24-40.html
https://nvd.nist.gov/vuln/detail/CVE-2024-34102

Cybersecurity Alerts

CVE-2024-34102

Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability

Required Action

Weakness Classification

References