Adobe Commerce
cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*
- <= 2.4.9-alpha1
- <= 2.4.8-p1
- <= 2.4.7-p6
- <= 2.4.6-p11
- <= 2.4.5-p13
- <= 2.4.4-p14
A denial-of-service vulnerability has been identified in Adobe Commerce and Magento Open Source. The affected versions include Adobe Commerce 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier, as well as Magento Open Source 2.4.9-alpha1, 2.4.8-p1 and earlier, 2.4.7-p6 and earlier, 2.4.6-p11 and earlier, and 2.4.5-p13 and earlier. The vulnerability arises from improper input validation: an attacker can send specially crafted input that causes the application to crash or become unresponsive. Exploitation does not require user interaction.
Exploitation of this vulnerability can lead to application denial-of-service, causing the application to crash or become unresponsive.
Users are advised to update to the latest versions of Adobe Commerce or Magento Open Source. The updated versions are Adobe Commerce 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14 and 2.4.4-p15, and Magento Open Source 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12 and 2.4.5-p14.
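To check an inventory against the version ranges above, the following added example (not code from Adobe or from this advisory) compares each installed version with the last affected build of its release line. The function names, the pre-release ordering and the sample host names are assumptions made for illustration.

```python
import re

# Last affected build per release line, copied from the advisory text above.
LAST_AFFECTED = {"2.4.9": "alpha1", "2.4.8": "p1", "2.4.7": "p6",
                 "2.4.6": "p11", "2.4.5": "p13", "2.4.4": "p14"}
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(alpha|beta|p)(\d+))?$")
# Assumed ordering: alpha < beta < plain release < security patch (-pN).
_STAGE = {"alpha": 0, "beta": 1, None: 2, "p": 3}


def parse(version):
    """Split '2.4.7-p6' into ((2, 4, 7), (3, 6)) so tuples compare correctly."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch, stage, num = m.groups()
    return (int(major), int(minor), int(patch)), (_STAGE[stage], int(num or 0))


def is_affected(version):
    """True if the version is at or below the last affected build of its line."""
    line, build = parse(version)
    key = ".".join(map(str, line))
    if key in LAST_AFFECTED:
        return build <= parse(f"{key}-{LAST_AFFECTED[key]}")[1]
    # Lines older than the oldest listed one fall under "and earlier".
    # Assumption: lines newer than the newest listed one are out of scope.
    return line < min(parse(k)[0] for k in LAST_AFFECTED)


def needs_update(inventory):
    """Return the sorted hosts from {host: version} that still run an affected build."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


if __name__ == "__main__":
    # Constructed inventory; host names are placeholders.
    sample = {"shop-a.example": "2.4.7-p6", "shop-b.example": "2.4.7-p7",
              "shop-c.example": "2.4.3-p3", "shop-d.example": "2.4.9-alpha2"}
    print(needs_update(sample))
```

The 2.4.4 line has a fixed build listed for Adobe Commerce only; the check treats 2.4.4 builds of either product as affected up to 2.4.4-p14, consistent with the "and earlier" wording.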