CVE-2024-34111

Name of the Vulnerable Software and Affected Versions Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier

Description The issue is related to a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read and potentially result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted request to the server, which could then cause the server to execute arbitrary code. Exploitation of this issue does not require user interaction. The vulnerability is associated with insufficient checking of incoming requests.

Recommendations For Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.