PT-2024-5999 · Adobe · Magento Open Source+1

Published 2024-08-13 · Updated 2024-10-16 · CVE-2024-39406

CVSS v3.1: 6.8 Medium

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Adobe Commerce versions 2.4.7-p1 through 2.4.4-p9 and earlier
Magento Open Source versions 2.4.7-p1 through 2.4.4-p9 and earlier

Description

The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a 'Path Traversal' vulnerability. This could lead to arbitrary file system read, allowing an attacker to gain access to files and directories outside the restricted directory. Exploitation of this issue does not require user interaction. The vulnerability is associated with insufficient protection of internal data, which could be exploited by a remote attacker to bypass security restrictions.

Recommendations

For Adobe Commerce versions 2.4.7-p1 through 2.4.4-p9 and earlier: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

For Magento Open Source versions 2.4.7-p1 through 2.4.4-p9 and earlier: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2024-06809
CVE-2024-39406
GHSA-6PXH-2557-5CJ5

Affected Products

Commerce
Magento Open Source