Adobe Commerce/Magento "CosmicSting" XXE (CVE-2024-34102)
Description
Adobe Commerce and Adobe Magento have an XXE vulnerability. This vulnerability allows an attacker to send crafted requests to a web application for extraction of secrets from the file system, server-side request forgery, or denial-of-service attacks. The vulnerability can be chained with CVE-2024-2961 to achieve RCE.
Remediation
Upgrade to the latest version of Adobe Commerce/Magento