This week Adobe released security bulletin APSB22-12, dedicated to the vulnerability CVE-2022-24086. Its exploitation could allow arbitrary code execution. The flaw received a CVSS score of 9.8 out of a possible 10, marking it as critical. Adobe also stated that its internal security team discovered the issue and that the vulnerability has been exploited in very limited attacks.
The affected Adobe Commerce and Magento Open Source versions are 2.4.3-p1 and earlier, and 2.3.7-p2 and earlier, back to 2.3.3. Versions 2.3.3 and lower were not affected.
The security update, named MDVA-43395_EE_2.4.3-p1_v1, has been released and can be installed manually or using Composer. It was tested for compatibility with all versions from 2.3.3-p1 to 2.3.7-p2 and from 2.4.0 to 2.4.3-p1. The update is available for both Adobe Commerce and Magento Open Source.
The update contains changes applied to two files:
vendor/magento/framework/Filter/DirectiveProcessor/VarDirective.php
vendor/magento/module-email/Model/Template/Filter.php
Obviously, the vulnerability is related to the Directive Processor, since Adobe Commerce and Magento Open Source versions 2.3.3 and earlier have neither the file VarDirective.php nor any files for DirectiveProcessorInterface.
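A triage check for the version ranges given above, as an added example that is not part of the original post or Adobe's tooling. It assumes the store's version is read from the product metapackage entry in composer.lock; the sample lock content is constructed, and a version inside the range still needs a separate check that MDVA-43395 was applied, since the version string alone does not show that.

```python
import json
import re

# Ranges as given on this page: 2.3.3 and lower are not affected;
# the update covers 2.3.3-p1 .. 2.3.7-p2 and 2.4.0 .. 2.4.3-p1.
AFFECTED = [("2.3.3-p1", "2.3.7-p2"), ("2.4.0", "2.4.3-p1")]
# Product metapackages for Magento Open Source and Adobe Commerce.
PRODUCTS = ("magento/product-community-edition",
            "magento/product-enterprise-edition")

def parse_version(text):
    """'2.3.7-p2' -> (2, 3, 7, 2); a release without -pN gets patch level 0."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Magento version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def in_affected_range(version):
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED)

def triage_lock(lock_text):
    """Return (package, version, affected) per product entry; affected is
    None when the version string cannot be parsed (e.g. a beta tag)."""
    found = []
    for pkg in json.loads(lock_text).get("packages", []):
        if pkg.get("name") in PRODUCTS:
            version = pkg.get("version", "")
            try:
                affected = in_affected_range(version)
            except ValueError:
                affected = None
            found.append((pkg["name"], version, affected))
    return found

# Constructed sample, not taken from a real store.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "example/unrelated-package", "version": "1.0.0"},
    {"name": "magento/product-community-edition", "version": "2.4.3-p1"},
]})

if __name__ == "__main__":
    labels = {True: "in affected range, confirm MDVA-43395 is applied",
              False: "outside affected range", None: "version not recognised"}
    for name, version, affected in triage_lock(SAMPLE_LOCK):
        print(f"{name} {version}: {labels[affected]}")
```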