PT-2024-6010 · Adobe · Commerce

Published 2024-08-13 · Updated 2024-08-18 · CVE-2024-39397

CVSS v3.1: 9.0 (Critical)

Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier

Description

The issue is an Unrestricted Upload of File with Dangerous Type, which can lead to arbitrary code execution. An attacker could exploit it by uploading a malicious file that is then executed on the server. Exploitation requires no user interaction, but attack complexity is high and the scope is changed.

Recommendations

For Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier, upgrade to a version that is not affected by this vulnerability. As a temporary workaround, restrict file uploads so that uploaded files cannot be executed on the server, and restrict access to the server to reduce the risk of exploitation.
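As an added illustration of the "restrict file uploads" workaround (example code written for this page, not Adobe's or Positive Technologies' code): a server-side allowlist check that rejects an upload unless its filename, extension and leading bytes all match a positively known safe type, and that refuses content carrying server-side script markers. The allowlist, signatures and marker list are constructed assumptions to be adapted to the deployment.

```python
import os
import re

# Allowlisted extensions and the leading bytes (file signature) each must start with.
# Constructed for this example; extend only with types the deployment actually needs.
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}

# Server-side script markers that must never appear in an accepted upload
# (catches polyglots such as an image with PHP appended). Constructed list.
DANGEROUS_MARKERS = (b"<?php", b"<?=", b"<script", b"#!/")

# Exactly one dot: rejects double extensions like "shell.php.jpg" and path characters.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]+\.[a-z0-9]+$")


def check_upload(filename: str, data: bytes, max_bytes: int = 5_000_000) -> tuple[bool, str]:
    """Return (accepted, reason). Anything not positively known to be safe is rejected."""
    name = os.path.basename(filename)
    # basename() differing from the input means a directory component was present.
    if name != filename or not _SAFE_NAME.fullmatch(name):
        return False, "unsafe filename (path component, double extension or odd chars)"
    ext = name.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED_TYPES:
        return False, f"extension .{ext} not on allowlist"
    if len(data) == 0 or len(data) > max_bytes:
        return False, "empty or oversized file"
    # The declared type must agree with the actual content signature.
    if not any(data.startswith(magic) for magic in ALLOWED_TYPES[ext]):
        return False, f"content does not match .{ext} signature"
    lowered = data.lower()
    if any(marker in lowered for marker in DANGEROUS_MARKERS):
        return False, "embedded script marker found"
    return True, "ok"
```

Accepted files should still be stored under a server-generated name in a directory the web server is configured not to execute; the content check reduces, but does not eliminate, the risk from crafted files.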

Weakness Enumeration

Unrestricted File Upload

Related Identifiers

BDU:2024-06820
CVE-2024-39397

Affected Products

Commerce