Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/34xxx/CVE-2024-34102.json",
"cna_assigner": "adobe",
"cwe_ids": [
"CWE-611"
],
"unresolved_ranges": [
{
"extracted_events": [
{
"last_affected": "2.4.4-p8"
}
],
"source": "AFFECTED_FIELD"
}
]
}{
"cpe": [
"cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
"cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
"cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
"cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
"cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
"cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
"cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
"cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
"cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
"cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
"cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
"cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
"cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
"cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
"cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
"cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
"cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
"cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
"cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
"cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
"cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
"cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
"cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
"cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
"cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
"cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
"cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*"
],
"source": "CPE_STRING",
"extracted_events": [
{
"introduced": "2.4.2-NA"
},
{
"last_affected": "2.4.2-NA"
},
{
"introduced": "2.4.2-ext\\-1"
},
{
"last_affected": "2.4.2-ext\\-1"
},
{
"introduced": "2.4.2-ext\\-2"
},
{
"last_affected": "2.4.2-ext\\-2"
},
{
"introduced": "2.4.3-NA"
},
{
"last_affected": "2.4.3-NA"
},
{
"introduced": "2.4.3-ext\\-1"
},
{
"last_affected": "2.4.3-ext\\-1"
},
{
"introduced": "2.4.3-ext\\-2"
},
{
"last_affected": "2.4.3-ext\\-2"
},
{
"introduced": "2.4.3-ext\\-3"
},
{
"last_affected": "2.4.3-ext\\-3"
},
{
"introduced": "2.4.4-NA"
},
{
"last_affected": "2.4.4-NA"
},
{
"introduced": "2.4.4-p1"
},
{
"last_affected": "2.4.4-p1"
},
{
"introduced": "2.4.4-p2"
},
{
"last_affected": "2.4.4-p2"
},
{
"introduced": "2.4.4-p3"
},
{
"last_affected": "2.4.4-p3"
},
{
"introduced": "2.4.4-p4"
},
{
"last_affected": "2.4.4-p4"
},
{
"introduced": "2.4.4-p5"
},
{
"last_affected": "2.4.4-p5"
},
{
"introduced": "2.4.4-p6"
},
{
"last_affected": "2.4.4-p6"
},
{
"introduced": "2.4.4-p8"
},
{
"last_affected": "2.4.4-p8"
},
{
"introduced": "2.4.5-NA"
},
{
"last_affected": "2.4.5-NA"
},
{
"introduced": "2.4.5-p1"
},
{
"last_affected": "2.4.5-p1"
},
{
"introduced": "2.4.5-p2"
},
{
"last_affected": "2.4.5-p2"
},
{
"introduced": "2.4.5-p3"
},
{
"last_affected": "2.4.5-p3"
},
{
"introduced": "2.4.5-p4"
},
{
"last_affected": "2.4.5-p4"
},
{
"introduced": "2.4.5-p5"
},
{
"last_affected": "2.4.5-p5"
},
{
"introduced": "2.4.5-p7"
},
{
"last_affected": "2.4.5-p7"
},
{
"introduced": "2.4.6-NA"
},
{
"last_affected": "2.4.6-NA"
},
{
"introduced": "2.4.6-p1"
},
{
"last_affected": "2.4.6-p1"
},
{
"introduced": "2.4.6-p2"
},
{
"last_affected": "2.4.6-p2"
},
{
"introduced": "2.4.6-p3"
},
{
"last_affected": "2.4.6-p3"
},
{
"introduced": "2.4.6-p5"
},
{
"last_affected": "2.4.6-p5"
},
{
"introduced": "2.4.7-NA"
},
{
"last_affected": "2.4.7-NA"
},
{
"introduced": "2.4.4-p7"
},
{
"last_affected": "2.4.4-p7"
},
{
"introduced": "2.4.5-p6"
},
{
"last_affected": "2.4.5-p6"
},
{
"introduced": "2.4.6-p4"
},
{
"last_affected": "2.4.6-p4"
},
{
"introduced": "2.4.7-b1"
},
{
"last_affected": "2.4.7-b1"
}
]
}