Adobe 2.4.0-2.4.5 security hotfix for Adobe Commerce and Magento Open Source.
Important: Released on October 11 2022 the security hotfix includes an update that resolves a Cross-site Scripting vulnerability tracked by CVE-2022-35698.
No exploits have have reported but it is recommended that the patch is applied ASAP.
Below is a list of all affected products and versions:
- 2.4.5
- 2.4.4, 2.4.4-p1
- 2.4.3-p2, 2.4.3-p3
- 2.4.3-p1 and below 2.4.3-p1 are not affected if all applicable security hotfixes are applied
Please note: the hotfix will prevent the above mentioned vulnerability but it is always recommended to upgrade to the latest version of Magento.
Patches and installation instructions can be found here.