Blog
How to fix CVE-2022-24086 — critical security vulnerability in Adobe Commerce and Magento Open Source?
Adobe has released urgent security updates for Adobe Commerce and Magento Open Source on Sunday, February 13th. CVE-2022-24086 is a critical vulnerability that experts compare to the Magento Shoplift vulnerability from 2015. That one led to thousands of websites being hacked in just a few days because it offers unauthenticated remote code execution, meaning hackers can easily penetrate and take control of your site if you’re running on affected versions.
Affected products and versions
| Product | Version |
| Adobe Commerce | 2.4.3-p1 and earlier versions |
| 2.3.7-p2 and earlier versions | |
| Magento Open Source | 2.4.3-p1 and earlier versions |
| 2.3.7-p2 and earlier versions |
Solution
To resolve the vulnerability, apply one of the following attached patches:
The patches were tested to resolve the issue for all versions from 2.3.3-p1 to 2.3.7-p2 and 2.4.0 to 2.4.3-p1.
How to apply a composer patch provided by Adobe
Here are the steps to apply a composer patch for Adobe Commerce on-premises, Adobe Commerce on cloud infrastructure, and Magento Open Source.
How to apply a composer patch for Adobe Commerce on cloud infrastructure
- If you do not have a directory named m2-hotfixes in the project root, please create one.
- Copy the %patch_name%.composer.patch file(s) to the m2-hotfixes directory.
- Add, commit, and push your code changes:
git add –A
git commit -m "Apply %patch_name%.composer.patch patch"
git push origin
For additional information about applying patches to Cloud projects, see Apply patches in Magento developer documentation.
How to apply a composer patch for Adobe Commerce on-premises and Magento Open Source
- Upload the patch to your Adobe Commerce on-premises or Magento Open Source root directory.
- Run the following SSH command:
patch -p1 < %patch_name%.composer.patch
(If the above command does not work, try using -p2 instead of -p1) - For the changes to be reflected, refresh the cache in the Admin under System > Cache Management.
If you are not confident about installing such a critical patch yourself or your development team is not available to do it for you, we offer help!
More information can be found at:
I am a very motivated and enthusiastic person, highly creative, and recognized as a result-oriented and solution-focused individual.
Search
Categories
CategoriesArchives
ArchivesRecent Post
Recent Posts- Why Website Audit is a crucial component for your online business.
- Bliss Web Solution Pvt. Ltd is a Game Changer in India’s E-Commerce Development Industry
- How does Google CLS affect website performance, and how to Optimize it?
- How to fix CVE-2022-24086 — critical security vulnerability in Adobe Commerce and Magento Open Source?
- Bliss Web Solution Pvt. Ltd., A digital partner of your growth featured as the top 30 Real Estate web design and development agency.