Merge pull request #10136 from projectdiscovery/DhiyaneshGeek-patch-1

reference addition
patch-4
Dhiyaneshwaran 2024-06-26 17:08:21 +08:00 committed by GitHub
commit 9a4338f790
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 2 additions and 1 deletions

View File

@ -8,6 +8,7 @@ info:
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution.
reference: reference:
- https://github.com/spacewasp/public_docs/blob/main/CVE-2024-34102.md - https://github.com/spacewasp/public_docs/blob/main/CVE-2024-34102.md
- https://www.assetnote.io/resources/research/why-nested-deserialization-is-harmful-magento-xxe-cve-2024-34102
metadata: metadata:
fofa-query: app="Adobe-Magento" fofa-query: app="Adobe-Magento"
verified: true verified: true
@ -39,4 +40,4 @@ http:
part: header part: header
words: words:
- "application/json" - "application/json"
# digest: 4b0a00483046022100e6222a784967f5148b72e2585b0f394f446904586f8fe41c5fe7dc653e67d787022100c1a861f3f02ae0a37f8e0ae99dd731d946a0c00e0ca5f31a609d018e23104dd4:922c64590222798bb761d5b6d8e72950 # digest: 4b0a00483046022100e6222a784967f5148b72e2585b0f394f446904586f8fe41c5fe7dc653e67d787022100c1a861f3f02ae0a37f8e0ae99dd731d946a0c00e0ca5f31a609d018e23104dd4:922c64590222798bb761d5b6d8e72950