Magento 2 - Security Vulnerability CVE-2022-35698 - Where can I find patch for 2.4.2?

Question

I read about a severe security hole in magento.

But magento does not provide a patch for 2.4.2, or I cant find it.

What should I do? How can I test if I am affected?

Update: I found this post (german) saying that there is no patch yet, but magento works on it: https://www.e-conomix.at/blog/security-updatefuer-adobe-commerce-und-magento-open-source-apsb22-48 — Black, Oct 19 '22 at 08:47

score 3 · Accepted Answer · answered Oct 19 '22 at 10:20

The Security Vulnerability CVE-2022-35698 does not affect in Magento 2.4.2 version. This was confirmed by Nathan Smith – Adobe Commerce Application Security Engineering Manager.

You can read more about affected version, and not affected version here: https://magetu.com/adobe-commerce-and-magento-open-source-security-hotfix-for-cve-2022-35698-and-hotfix-patches-for-2-3-7-p3-2-3-7-p4/

score 1 · Answer 2 · answered Oct 19 '22 at 09:01

1

Im guessing they will not include the patch for that version as its really outdated and not actively maintained.

answered Oct 19 '22 at 09:01

Petar Borisovski

708
6
18

1

2.4.2 is supported until end of november 2022 though. – Black Oct 19 '22 at 13:05

Magento 2 - Security Vulnerability CVE-2022-35698 - Where can I find patch for 2.4.2?

2 Answers2