PT-2024-6015 · Adobe · Commerce
Published 2024-08-13 · Updated 2024-08-14 · CVE-2024-39399
CVSS v3.1: 7.7 High
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Adobe Commerce versions 2.4.7-p1 through 2.4.4-p9 and earlier
Description
The issue is related to an improper limitation of a pathname to a restricted directory, which could lead to arbitrary file system read. A low-privileged attacker could exploit this to gain access to files and directories outside the restricted directory. Exploitation does not require user interaction.
Recommendations
For Adobe Commerce versions 2.4.7-p1 through 2.4.4-p9 and earlier, update to a version that includes the fix for this issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Path traversal
Affected Products
Commerce