CVE-2024-34102
Published Jun 13, 2024
Last updated 10 months ago
AI description
CVE-2024-34102, also known as "CosmicSting," is an XML External Entity (XXE) vulnerability affecting Adobe Commerce and Magento. This vulnerability stems from improper handling of XML data during deserialization, arising from insufficient input validation and unsafe handling of attacker-controlled data. An attacker can exploit this vulnerability by sending crafted requests or a crafted XML document referencing external entities. Successful exploitation could lead to the extraction of sensitive files, server-side request forgery, or arbitrary code execution on the remote host.
- Description: Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
- Source: psirt@adobe.com
- NVD status: Analyzed
- Products: commerce, commerce_webhooks, magento
CVSS 3.1
- Type: Secondary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
Data from CISA
- Vulnerability name: Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability
- Exploit added on: Jul 17, 2024
- Exploit action due: Aug 7, 2024
- Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- psirt@adobe.com
- CWE-611
Security Update: Magento/Adobe Commerce Hack - In the past 24 hours, over 2,000 Magento stores have been hacked, with the CosmicSting vulnerability (CVE-2024-34102) being the likely cause. If you're unsure about your store's security, reach out—we're here to help you stay safe.
@neverfray
Actively exploited CVE : CVE-2024-34102
@transilienceai
Top 5 Trending CVEs: 1 - CVE-2018-17144 2 - CVE-2025-24071 3 - CVE-2017-10271 4 - CVE-2025-53770 5 - CVE-2024-34102 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
21 Sept 2025
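cve-2024-34102 + CVE-2024-2961: the first vulnerability is already solved, and for the second one libc and maps have already been read out. The last step, constructing the filter chain, keeps failing and I can't get RCE; libc and maps are guaranteed to be correct. Does any expert know how to do this?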
@Xiaoxiao_2585
18 Sept 2025
Magento XXE Vulnerability - CVE-2024-34102 #BugBounty #CyberSecurity #Magento #XXE https://t.co/UTSKKvk7Qj
@NullSecurityX
18 Sept 2025
Over on #SplunkBlogs, the Splunk Threat Research Team breaks down CVE-2024-34102. Also known as CosmicSting, this vulnerability highlights the ongoing challenges in maintaining security in complex, widely-deployed software systems. https://t.co/6ewkyhy0bH https://t.co/kWdjEJbbOx
@jenmeadzellner
4 Dec 2024
Over on #SplunkBlogs, the Splunk Threat Research Team breaks down CVE-2024-34102. Also known as CosmicSting, this vulnerability highlights the ongoing challenges in maintaining security in complex, widely-deployed software systems. https://t.co/xzDzA3X1z3 https://t.co/IJOs61ygz7
@Pav0ne
3 Dec 2024
Over on #SplunkBlogs, the Splunk Threat Research Team breaks down CVE-2024-34102. Also known as CosmicSting, this vulnerability highlights the ongoing challenges in maintaining security in complex, widely-deployed software systems. https://t.co/Uc50YmYwJz https://t.co/3dxPe0XM71
@ayazahmed85
28 Nov 2024
Over on #SplunkBlogs, the Splunk Threat Research Team breaks down CVE-2024-34102. Also known as CosmicSting, this vulnerability highlights the ongoing challenges in maintaining security in complex, widely-deployed software systems. https://t.co/NHpvpa8CwU https://t.co/cDlaZJhXgP
@henryvillar
27 Nov 2024
Over on #SplunkBlogs, the Splunk Threat Research Team breaks down CVE-2024-34102. Also known as CosmicSting, this vulnerability highlights the ongoing challenges in maintaining security in complex, widely-deployed software systems. https://t.co/ySZMZzntPi https://t.co/QLtDoNcQmN
@oferguetta
27 Nov 2024
🚨 Unveiling CosmicSting: Post-Analysis of CVE-2024-34102! 🚨 Dive into our latest blog where we dissect CVE-2024-34102, a critical XXE vulnerability affecting Adobe Commerce and Magento, released earlier this year! 🛍️💥🔍 Highlights: 🌌 CosmicSting Decoded: In-depth look at…
@M_haggis
25 Nov 2024
THIRD HINT FOR THE CAPTURE THE FLAG AT @BugCON Did you read the Apache carefully? Knock knock 8090? Did you check the backup files? (Bak) CVE-2024-34102 #BugCON #HackersCentral #ctf
@hackers_central
22 Nov 2024
Understanding the CosmicSting CVE-2024-34102 Attack on Magento Open Source/ Adobe Commerce #fixnblog https://t.co/jSSB3WPvmj
@FixnBlog
18 Nov 2024
Actively exploited CVE : CVE-2024-34102
@transilienceai
4 Nov 2024
Actively exploited CVE : CVE-2024-34102
@transilienceai
30 Oct 2024
Actively exploited CVE : CVE-2024-34102
@transilienceai
29 Oct 2024
Actively exploited CVE : CVE-2024-34102
@transilienceai
25 Oct 2024
Actively exploited CVE : CVE-2024-34102
@transilienceai
23 Oct 2024
🔓A critical vulnerability dubbed #CosmicSting (CVE-2024-34102) is affecting #AdobeCommerce and #Magento e-commerce platforms. https://t.co/7HrllOeu2I https://t.co/mu3OryKlft
@ecommbridgeeu
21 Oct 2024