Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.
{ "cpes": [ "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*", "cpe:2.3:a:magento:magento:2.3.7:p1:*:*:commerce:*:*:*", "cpe:2.3:a:magento:magento:2.3.7:p2:*:*:commerce:*:*:*", "cpe:2.3:a:magento:magento:2.4.3:-:*:*:commerce:*:*:*", "cpe:2.3:a:magento:magento:2.4.3:p1:*:*:commerce:*:*:*" ], "severity": "Critical" }