Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability

Added July 17, 2024 • Due Aug. 7, 2024 • CVE-2024-34102

Overdue Adobe / Commerce and Magento Open Source CWE-611

Description

Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

References

https://helpx.adobe.com/security/products/magento/apsb24-40.html
https://nvd.nist.gov/vuln/detail/CVE-2024-34102

Additional Information

Catalog Version: 2025.01.24
Catalog Released: Jan. 24, 2025
Days Until Due: 0 days
Last Updated: 6 months ago