15th November 2024
CosmicSting, tracked as CVE-2024-34102, is a critical vulnerability in Adobe Commerce and Magento, rated 9.8 out of 10 on the CVSS scale. It is an XML external entity (XXE) vulnerability: an attacker can make the application's XML parser resolve external entities, which lets them read sensitive files from the web server.
The risk increases when CosmicSting is chained with a separate flaw in Linux systems, CVE-2024-2961. Together, the two vulnerabilities allow an attacker not only to read private files but also to execute arbitrary code on the server, which makes CosmicSting one of the most serious threats to online shops in years.
Affected Versions
The following Adobe Commerce and Magento versions are affected and need patching:
- Adobe Commerce: All versions up to 2.4.7.
- Magento Open Source: Also affected up to version 2.4.7.
- Adobe Commerce Extended Support: A wide range of older supported versions.
- Adobe Commerce Webhooks Plugin: Versions from 1.2.0 to 1.4.0.
Mitigation
- Update to the latest version: Adobe has released patches that fix this issue, and site owners should install them as soon as possible.
- Temporary measures: if updating immediately is not possible, there are emergency steps that can be taken until the patch is installed, such as adding code that blocks the vulnerable path.
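Both the XXE description above and the "adding code" mitigation come down to one rule: untrusted XML must never reach a parser that honours DTDs. As an added example (not code from the original post, Adobe or Magento), here is a fail-closed pre-parse guard using only Python's standard library; the order document and the entity it declares are constructed sample input, and the function names are my own.

```python
"""Fail-closed DTD guard for untrusted XML (added example, stdlib only)."""
import xml.parsers.expat
import xml.etree.ElementTree as ET

class DtdRejected(ValueError):
    """Raised when inbound XML declares a DOCTYPE, the precondition for XXE."""

def reject_dtd(xml_bytes: bytes) -> None:
    """Abort the moment expat sees a DOCTYPE or an entity declaration.

    Nothing after that point is processed, so no entity (internal or external)
    can be declared, let alone resolved against the server's filesystem.
    """
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DtdRejected(f"DOCTYPE {name!r} is not allowed in untrusted input")

    def on_entity(*_decl):
        raise DtdRejected("entity declaration is not allowed in untrusted input")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.Parse(xml_bytes, True)

def is_safe_xml(xml_bytes: bytes) -> bool:
    """True only for well-formed XML that carries no DTD at all."""
    try:
        reject_dtd(xml_bytes)
    except (DtdRejected, xml.parsers.expat.ExpatError):
        return False
    return True

def parse_untrusted(xml_bytes: bytes) -> ET.Element:
    """Parse only after the guard passes; raises DtdRejected otherwise."""
    reject_dtd(xml_bytes)
    return ET.fromstring(xml_bytes)

def unguarded_sku(xml_bytes: bytes) -> str:
    """What a permissive parse yields: declared entities are substituted."""
    return ET.fromstring(xml_bytes).findtext("sku")

# Constructed sample input (not an attack payload): a harmless order document
# and the same document with a DOCTYPE declaring an internal entity. The default
# parser honours that entity, so the DTD must be refused before parsing starts.
CLEAN_ORDER = b"<order><id>1001</id><sku>ABC-1</sku></order>"
DTD_ORDER = b'<!DOCTYPE order [<!ENTITY sku "EXPANDED">]><order><sku>&sku;</sku></order>'
```

Rejecting the DTD outright is simpler and safer than trying to strip or filter individual entity declarations after the fact.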