CVE-2024-45120
LOWDescription
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to alter a condition between the check and the use of a resource, having a low impact on integrity. Exploitation of this issue requires user interaction.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2024-45120? +
How severe is CVE-2024-45120? +
What products are affected by CVE-2024-45120? +
How do I check if I'm vulnerable to CVE-2024-45120? +
Related Vulnerabilities
When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file() performs two separate, non-atomic filesystem operations …
MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a server-side request forgery (SSRF) …
Duende.AccessTokenManagement is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. Duende.AccessTokenManagement contains a race condition …
A time-of-check time-of-use (TOCTOU) race condition vulnerability has been reported to affect several product versions. If exploited, the vulnerability could …
conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. In versions prior to 2025.4.10, a race …
The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at …