Merge pull request #10136 from projectdiscovery/DhiyaneshGeek-patch-1

reference addition
2024-06-26 17:08:21 +08:00 · 2024-06-26 17:08:21 +08:00 · 9a4338f790
parent b3c550197d 4310f83744
commit 9a4338f790
1 changed files with 2 additions and 1 deletions
--- a/http/cves/2024/CVE-2024-34102.yaml
+++ b/http/cves/2024/CVE-2024-34102.yaml
@ -8,6 +8,7 @@ info:
    Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution.
  reference:
    - https://github.com/spacewasp/public_docs/blob/main/CVE-2024-34102.md
+    - https://www.assetnote.io/resources/research/why-nested-deserialization-is-harmful-magento-xxe-cve-2024-34102
  metadata:
    fofa-query: app="Adobe-Magento"
    verified: true
@ -39,4 +40,4 @@ http:
        part: header
        words:
          - "application/json"
-# digest: 4b0a00483046022100e6222a784967f5148b72e2585b0f394f446904586f8fe41c5fe7dc653e67d787022100c1a861f3f02ae0a37f8e0ae99dd731d946a0c00e0ca5f31a609d018e23104dd4:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100e6222a784967f5148b72e2585b0f394f446904586f8fe41c5fe7dc653e67d787022100c1a861f3f02ae0a37f8e0ae99dd731d946a0c00e0ca5f31a609d018e23104dd4:922c64590222798bb761d5b6d8e72950