On February 13 (updated February 17), Adobe released a new security update (APSB22-12) for Magento Open Source 2.4.3-p1 and all earlier versions of 2.4 as well as 2.3.7-p2 and all earlier versions till 2.3.3. Merchants on older Magento 2 versions might also be affected. You should install this security update as soon as possible to prevent exploitation.
Fixes Vulnerability
Two improper input validation (PRODSECBUG-3118 / CVE-2022-24086) (PRODSECBUG-3120 / CVE-2022-24087) vulnerabilities, which allow arbitrary code execution and were rated as critical because they don’t need authentication for the exploitation.
Remember to create a backup before updating Magento and keep Magento up to date to close found vulnerabilities.
Credits
- Picture courtesy of Abhishek Hajare
- Official security update release note and link to patches on support.magento.com
