{"uuid": "06df555a-735a-4f42-98a9-10e547eb5c6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "https://t.me/cKure/13181", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 \u2757\ufe0f Sansec researchers are warning of a critical CosmicSting vulnerability that affects almost 75% of sites using Adobe Commerce and Magento.\n\nDespite the release of emergency fixes, nine days later the situation remains unchanged: millions of sites are at risk of serious XML external entity injection (XXE) and RCE attacks.\n\nCosmicSting is also tracked as CVE-2024-34102 (CVSS: 9.8) and represents the most severe bug in Magento and Adobe Commerce in the last two years.\n\nBy itself, it allows an attacker to view private files (for example, files with passwords). However, when combined with a recent bug in Linux, iconv (CVE-2024-2961) carries powerful malicious RCE potential.\n\nThe issue affects Adobe Commerce 2.4.7 (and earlier versions, including 2.4.6-p5, 2.4.5-p7, 2.4.4-p8), Adobe Commerce Extended Support 2.4.3-ext-7 (2.4.2-ext-7, 2.4.1-ext-7, 2.4.0-ext-7, 2.3.7-p4-ext-7 and earlier), Magento 2.4.7 (and earlier including 2.4.6-p5, 2.4.5-p7, 2.4.4-p8), as well as the Adobe Commerce Webhooks plugin (from 1.2.0 to 1.4.0).\n\nAs Sansec notes, the absence of a detailed technical description in the Adobe bulletin will not prevent active exploitation, since effective attack methods can be modeled by analyzing the patch code.\n\nGiven its high severity and low sophistication, CosmicSting can now be considered one of the most destructive attacks in e-commerce history, along with Shoplift, Ambionics and Trojan Order, according to Sansec.\n\nResearchers recommend that platform administrators apply patches for CVE-2024-34102 as soon as possible or follow the proposed mitigation measures.", "creation_timestamp": "2024-06-22T07:57:07.000000Z"}