Adobe Commerce and Magento Open Source Uncontrolled Resource Consumption Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability caused by uncontrolled resource consumption has been identified in Adobe Commerce and Magento Open Source. Affected versions are Adobe Commerce 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier, and Magento Open Source 2.4.9-beta1, 2.4.8-p4 and earlier, 2.4.7-p9 and earlier, and 2.4.6-p14 and earlier. An attacker can exhaust system resources and cause a denial-of-service condition. Exploitation does not require user interaction.

Impact

Exploitation of this vulnerability can cause an application denial-of-service, where the application becomes unresponsive or unavailable due to exhausted system resources.

Remediation

Users are advised to update to the latest versions of Adobe Commerce or Magento Open Source. The latest versions for Adobe Commerce are 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.5-p17 and 2.4.4-p18. For Magento Open Source, the latest versions are 2.4.9, 2.4.8-p5, 2.4.7-p10 and 2.4.6-p15.
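To check an inventory against the fixed releases listed above, the following added example (not Adobe's code) compares an installed version with the fixed release on the same release line. The edition labels `commerce` and `open-source`, the function names and the sample inventory are assumptions made for this sketch, as is the reading that "and earlier" covers release lines older than those listed.

```python
import re

# Fixed releases per release line, copied from the Remediation section above.
FIXED = {
    "commerce": ["2.4.9", "2.4.8-p5", "2.4.7-p10", "2.4.6-p15", "2.4.5-p17", "2.4.4-p18"],
    "open-source": ["2.4.9", "2.4.8-p5", "2.4.7-p10", "2.4.6-p15"],
}

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(beta|p)(\d+))?$")
_STAGE = {"beta": 0, None: 1, "p": 2}  # beta < general release < security patch


def parse(version):
    """Return a sortable key, e.g. '2.4.8-p4' -> (2, 4, 8, 2, 4)."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch, tag, num = m.groups()
    return (int(major), int(minor), int(patch), _STAGE[tag], int(num or 0))


def assess(edition, version):
    """Return (status, fixed_release) for an installed edition and version."""
    installed = parse(version)
    fixed_by_line = {parse(v)[:3]: v for v in FIXED[edition]}
    line = installed[:3]
    if line in fixed_by_line:
        target = fixed_by_line[line]
        status = "patched" if installed >= parse(target) else "vulnerable"
        return status, target
    if line < min(fixed_by_line):
        # Assumption: "and earlier" covers older lines; the page lists no
        # fixed release on them, so the fix is a move to a listed line.
        return "vulnerable", None
    # Newer than every listed line: the advisory does not cover it.
    return "not-listed", None


if __name__ == "__main__":
    # Constructed inventory, for illustration only.
    inventory = [("commerce", "2.4.7-p9"), ("commerce", "2.4.8-p5"),
                 ("open-source", "2.4.9-beta1"), ("open-source", "2.4.5-p16")]
    for edition, version in inventory:
        status, target = assess(edition, version)
        print(f"{edition:12} {version:12} {status:10} fixed in: {target or 'n/a'}")
```

A `None` target with status `vulnerable` means the page lists no fixed release on that release line for that edition, so remediation requires moving to a listed line.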

Added: May 12, 2026, 9:02 PM
Updated: May 12, 2026, 9:02 PM

Vulnerability Rating

Custom Algorithm

spread: 6.4
impact: 2.5
exploitability: 5.4
remediation: 7.7
relevance: 8.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.