Evrig

Attention Magento and Adobe Commerce Store Owners! – A critical security vulnerability named CosmicSting (CVE-2024-34102) has been discovered and poses a serious threat to your online store. The vulnerability is especially concerning because a large portion of stores, roughly 75%, remain unpatched.

What is CosmicSting?

CosmicSting is a critical vulnerability that allows attackers to gain unauthorized access to sensitive information, including passwords, on your Magento or Adobe Commerce store. In a worst-case scenario, attackers could potentially take complete control of your website.

Why is this so Urgent?

This vulnerability is rated 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS), indicating a severe threat. Additionally, attackers can potentially automate attacks, putting a large number of stores at risk.

What should you do?

  1. Patch Immediately: Adobe has released a security patch to address CosmicSting. We strongly recommend applying this patch as soon as possible to protect your store.
  2. Consider a Staging Environment: Be aware that security updates may cause temporary disruptions to your checkout process. If you’re concerned about this, consider applying the patch to a staging environment first to test for compatibility issues before deploying it to your live store.

Emergency Measures (If you cannot patch immediately):

  1. Update Your Linux Server: Ensure your server is running an up-to-date Linux release to mitigate some of the risks.
  2. Emergency Patch: If you are absolutely unable to patch immediately, you can implement a temporary emergency fix by adding the code snippet provided below to your app/bootstrap.php file. Please note that we provide this fix without warranty, and use it at your own risk.

 


```php
// Temporary CosmicSting stop-gap for app/bootstrap.php: reject any request whose
// raw body contains the string 'dataIsURL' before Magento processes it.
// php://input can be read again by the application afterwards (PHP 5.6 and later),
// so normal requests still reach Magento. Remove once the official patch is applied.
if (strpos(file_get_contents('php://input'), 'dataIsURL') !== false) {
    header('HTTP/1.1 503 Service Temporarily Unavailable');
    header('Status: 503 Service Temporarily Unavailable');
    exit;
}
```

 

We recommend taking action as soon as possible to protect your Magento or Adobe Commerce store from this critical vulnerability.

Additionally, for your reference, we have included a list of affected Magento and Adobe Commerce versions.

 

Affected Versions

Adobe Commerce               Magento Open Source
2.4.7 and earlier            2.4.7 and earlier
2.4.6-p5 and earlier         2.4.6-p5 and earlier
2.4.5-p7 and earlier         2.4.5-p7 and earlier
2.4.4-p8 and earlier         2.4.4-p8 and earlier
2.4.3-ext-7 and earlier*
2.4.2-ext-7 and earlier*
2.4.1-ext-7 and earlier*
2.4.0-ext-7 and earlier*
2.3.7-p4-ext-7 and earlier*
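Because every row in the table reads "and earlier", checking whether a given store version is affected means comparing it against the ceiling for its release line, and Magento version strings (-pN patch levels, -ext-N extended-support builds) do not sort correctly as plain text. The following checker is an added example written for this page; it is not Evrig's or Adobe's code. The ceilings are copied from the table above; the ordering rule that an -ext-N build post-dates the regular -pN patches of the same line is inferred from the table, and the sample "Magento CLI 2.4.6-p5" string is a constructed stand-in for whatever your `bin/magento --version` actually prints.

```python
import re
import sys

# Ceilings copied from the advisory table on this page. Every row reads
# "<version> and earlier", so a store is affected when its version is at or
# below the ceiling for its release line. Ordered newest to oldest.
AFFECTED_CEILINGS = [
    "2.4.7",
    "2.4.6-p5",
    "2.4.5-p7",
    "2.4.4-p8",
    "2.4.3-ext-7",
    "2.4.2-ext-7",
    "2.4.1-ext-7",
    "2.4.0-ext-7",
    "2.3.7-p4-ext-7",
]

# Magento version strings: base release, optional -pN patch level, optional
# -ext-N extended-support build (the table's asterisked rows).
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?(?:-ext-(\d+))?$")
VERSION_ANYWHERE_RE = re.compile(r"\d+\.\d+\.\d+(?:-p\d+)?(?:-ext-\d+)?")


def parse_version(text):
    """Map a version string to a sortable tuple (major, minor, release, ext, patch).

    The ext number sits before the patch number on purpose: extended-support
    builds post-date the regular patch releases of the same line, so
    2.4.3-p3 < 2.4.3-ext-7 and 2.3.7-p4 < 2.3.7-p4-ext-7, as the table implies.
    """
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Magento version string: {text!r}")
    major, minor, release, patch, ext = m.groups()
    return (int(major), int(minor), int(release), int(ext or 0), int(patch or 0))


def is_affected(version_text):
    """True if the version falls inside the advisory's affected ranges."""
    v = parse_version(version_text)
    for ceiling in AFFECTED_CEILINGS:
        c = parse_version(ceiling)
        if v[:3] == c[:3]:          # same release line, e.g. every 2.4.6 build
            return v <= c
    if v < parse_version(AFFECTED_CEILINGS[-1]):
        return True                 # older than every listed line: "and earlier"
    if v > parse_version(AFFECTED_CEILINGS[0]):
        return False                # newer than the newest listed line
    raise ValueError(f"release line of {version_text!r} is not covered by the table")


def find_version(text):
    """Pull the first Magento-style version out of free text, e.g. the output of
    `bin/magento --version` (the exact wording of that output is assumed here)."""
    m = VERSION_ANYWHERE_RE.search(text)
    return m.group(0) if m else None


if __name__ == "__main__":
    # Constructed sample input; pass your own CLI output as the first argument.
    sample = sys.argv[1] if len(sys.argv) > 1 else "Magento CLI 2.4.6-p5"
    found = find_version(sample)
    if found is None:
        sys.exit(f"no version string found in {sample!r}")
    verdict = "AFFECTED - apply APSB24-40" if is_affected(found) else "not in the affected ranges"
    print(f"{found}: {verdict}")
```

Run it as `python3 check_cosmicsting.py "$(bin/magento --version)"` from the store root. A version one patch level above its line's ceiling (2.4.6-p6, 2.4.4-p9, 2.4.7-p1) is reported as outside the affected ranges, while anything at or below a ceiling, including unlisted older lines such as 2.3.5, is reported as affected.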

 

For reference, you can have a look at – https://helpx.adobe.com/security/products/magento/apsb24-40.html

Don’t let your store become the next victim of CosmicSting! Take action today and secure your Magento or Adobe Commerce store. Remember, even a small security gap can have devastating consequences. By patching your store and implementing the recommended security measures, you can ensure your customers’ peace of mind and protect your business from costly attacks.