Just in case some of you did not read the news: a zero-day bug is being exploited in the wild by attackers, which has forced Adobe to roll out emergency security patches to secure the stores.
If you are running your store on Adobe Commerce (2.3.3-p1-2.3.7-p2) and Magento Open Source (2.4.0-2.4.3-p1), then your store is at high risk!
Yes, latest version is at risk!
The detected RCE bug can allow the attackers to execute arbitrary codes on the stores and harm them.
More informations from Adobe:
Security update available for Adobe Commerce | APSB22-12
Also here:
Beetanshi blog: Fix RCE Vulnerability
And more here:
Adobe: Zero-Day Magento 2 RCE Bug Under Active Attack
And here:
Critical Vulnerability Strikes Magento Open Source and Adobe Commerce
If you are running your store on Adobe Commerce (2.3.3-p1-2.3.7-p2) and Magento Open Source (2.4.0-2.4.3-p1), then your store is at high risk!
Yes, latest version is at risk!
The detected RCE bug can allow the attackers to execute arbitrary codes on the stores and harm them.
More informations from Adobe:
Security update available for Adobe Commerce | APSB22-12
Also here:
Beetanshi blog: Fix RCE Vulnerability
And more here:
Adobe: Zero-Day Magento 2 RCE Bug Under Active Attack
And here:
Critical Vulnerability Strikes Magento Open Source and Adobe Commerce
Last edited:
. I really want to advise those here who use Magento 2 (2.3 and 2.4) to apply patches available on Adobe website and not wait for version 2.4.4 that will be released on March 8. Patch your stores now! Better safe than sorry.