1. Home
  2. Reference documentation
  3. Changelog
  4. 2024
  5. June 2024

Protection from CVE-2024-34102 (Adobe Commerce and Magento Open Source unauthenticated XML entity injection)

June 28, 2024
ngwaf-announcementsadded

An unauthenticated XML entity injection has been found in Adobe Commerce and Magento Open Source and has been assigned CVE-2024-34102. Fastly has created a virtual patch for it that is now available within your account. To activate it and add protection to your services:

  1. Log in to the Next-Gen WAF control panel.

  2. From the Sites menu, select a site if you have more than one site.

  3. From the Rules menu, select Templated Rules.
  4. In the search bar, enter CVE-2024-34102 and then click View for the CVE-2024-34102 templated rule.
  5. Click Configure and then Add trigger.
  6. Select the Block requests from an IP immediately if the CVE-2024-34102 signal is observed checkbox.
  7. Click Update rule.

Prior change: Upcoming Code Signing and Repository Key Rotation for RPMs

Following change: Protection from CVE-2024-5806 (Progress MOVEit Transfer Authentication Bypass Vulnerability)

Fastly
© Fastly 2025