Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to an application denial-of-service. A high-privileged attacker could leverage this vulnerability to exhaust system resources, causing the application to slow down or crash. Exploitation of this issue does not require user interaction.

Affected Packages

Packagist magento/community-edition

Affected versions: 2.4.6-p1 (fixed in 2.4.6-p4)

Packagist magento/community-edition

Affected versions: 2.4.5-p1 (fixed in 2.4.5-p6)

Packagist magento/community-edition

Affected versions: 2.4.4-p1 (fixed in 2.4.4-p7)

Packagist magento/project-community-edition

Affected versions: 0 (last affected: 2.0.2)

Related CVEs

CVE-2024-20716

Key Information

GHSA ID

GHSA-c9h9-h5gf-885r

Published

February 15, 2024 3:30 PM

Last Modified

March 4, 2025 6:29 PM

CVSS Score

5.0 /10

Primary Ecosystem

Packagist

Primary Package

magento/community-edition

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 1, 2025 6:44 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.