What is the severity of CVE-2023-38251?

CVE-2023-38251 has a minor severity level associated with an uncontrolled resource consumption vulnerability.

How does CVE-2023-38251 affect Adobe Commerce applications?

CVE-2023-38251 can lead to minor application denial-of-service in affected versions of Adobe Commerce.

How can I mitigate CVE-2023-38251 in my Adobe Commerce deployment?

To mitigate CVE-2023-38251, upgrading to the latest version of Adobe Commerce that is not affected is recommended.

Is there any known exploit for CVE-2023-38251?

As of now, there are no publicly known active exploits specifically targeting CVE-2023-38251.

Vulnerability/
CVE-2023-38251

medium

5.3

CWE

400

13/10/2023

4/3/2025

CVE-2023-38251: Adobe Commerce | Uncontrolled Resource Consumption (CWE-400)

Q: Which versions of Adobe Commerce are affected by CVE-2023-38251?

CVE-2023-38251 affects Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier, and 2.4.4-p5 and earlier.

First published: Fri Oct 13 2023(Updated: )

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Uncontrolled Resource Consumption vulnerability that could lead in minor application denial-of-service. Exploitation of this issue does not require user interaction.

Credit: psirt@adobe.com

Affected Software	Affected Version	How to fix
composer/magento/project-community-edition	<=2.0.2
composer/magento/community-edition	>=2.4.4-p1<2.4.4-p6	2.4.4-p6
composer/magento/community-edition	>=2.4.5-p1<2.4.5-p5	2.4.5-p5
composer/magento/community-edition	>=2.4.6-p1<2.4.6-p3	2.4.6-p3
composer/magento/community-edition	=2.4.4
composer/magento/community-edition	=2.4.5
composer/magento/community-edition	=2.4.6
composer/magento/community-edition	=2.4.7
composer/magento/community-edition	=2.4.7-beta1	2.4.7-beta2
Adobe Magento Commerce	=2.3.7
Adobe Magento Commerce	=2.3.7-p1
Adobe Magento Commerce	=2.3.7-p2
Adobe Magento Commerce	=2.3.7-p3
Adobe Magento Commerce	=2.3.7-p4
Adobe Magento Commerce	=2.3.7-p4-ext1
Adobe Magento Commerce	=2.3.7-p4-ext2
Adobe Magento Commerce	=2.3.7-p4-ext3
Adobe Magento Commerce	=2.3.7-p4-ext4
Adobe Magento Commerce	=2.4.0
Adobe Magento Commerce	=2.4.0-ext-1
Adobe Magento Commerce	=2.4.0-ext-2
Adobe Magento Commerce	=2.4.0-ext-3
Adobe Magento Commerce	=2.4.0-ext-4
Adobe Magento Commerce	=2.4.1
Adobe Magento Commerce	=2.4.1-ext-1
Adobe Magento Commerce	=2.4.1-ext-2
Adobe Magento Commerce	=2.4.1-ext-3
Adobe Magento Commerce	=2.4.1-ext-4
Adobe Magento Commerce	=2.4.2
Adobe Magento Commerce	=2.4.2-ext-1
Adobe Magento Commerce	=2.4.2-ext-2
Adobe Magento Commerce	=2.4.2-ext-3
Adobe Magento Commerce	=2.4.2-ext-4
Adobe Magento Commerce	=2.4.3
Adobe Magento Commerce	=2.4.3-ext-1
Adobe Magento Commerce	=2.4.3-ext-2
Adobe Magento Commerce	=2.4.3-ext-3
Adobe Magento Commerce	=2.4.3-ext-4
Adobe Magento Commerce	=2.4.4
Adobe Magento Commerce	=2.4.4-p1
Adobe Magento Commerce	=2.4.4-p2
Adobe Magento Commerce	=2.4.4-p3
Adobe Magento Commerce	=2.4.4-p4
Adobe Magento Commerce	=2.4.4-p5
Adobe Magento Commerce	=2.4.5
Adobe Magento Commerce	=2.4.5-p1
Adobe Magento Commerce	=2.4.5-p2
Adobe Magento Commerce	=2.4.5-p3
Adobe Magento Commerce	=2.4.5-p4
Adobe Magento Commerce	=2.4.5-p5
Adobe Magento Commerce	=2.4.6
Adobe Magento Commerce	=2.4.6-p1
Adobe Magento Commerce	=2.4.6-p2
Adobe Magento Commerce	=2.4.7-b1
Magento	=2.4.4
Magento	=2.4.4-p1
Magento	=2.4.4-p2
Magento	=2.4.4-p3
Magento	=2.4.5
Magento	=2.4.5-p1
Magento	=2.4.5-p2
Magento	=2.4.5-p3
Magento	=2.4.5-p4
Magento	=2.4.6
Magento	=2.4.6-p1
Magento	=2.4.6-p2
Magento	=2.4.7-b1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-38251?
CVE-2023-38251 has a minor severity level associated with an uncontrolled resource consumption vulnerability.
How does CVE-2023-38251 affect Adobe Commerce applications?
CVE-2023-38251 can lead to minor application denial-of-service in affected versions of Adobe Commerce.
Which versions of Adobe Commerce are affected by CVE-2023-38251?
CVE-2023-38251 affects Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier, and 2.4.4-p5 and earlier.
How can I mitigate CVE-2023-38251 in my Adobe Commerce deployment?
To mitigate CVE-2023-38251, upgrading to the latest version of Adobe Commerce that is not affected is recommended.
Is there any known exploit for CVE-2023-38251?
As of now, there are no publicly known active exploits specifically targeting CVE-2023-38251.

agent/type
agent/severity
agent/title
agent/weakness
agent/first-publish-date
agent/author
collector/mitre-cve
source/MITRE
collector/github-advisory-latest
source/GitHub
alias/GHSA-7pfc-834q-h497
alias/CVE-2023-38251
agent/software-canonical-lookup
agent/last-modified-date
agent/references
agent/description
agent/source
agent/softwarecombine
agent/tags
agent/event
collector/nvd-api
agent/software-canonical-lookup-request
collector/nvd-index
collector/nvd-cve
source/NVD
package-manager/composer
vendor/adobe
canonical/adobe magento commerce
version/adobe magento commerce/2.3.7
version/adobe magento commerce/2.3.7-p1
version/adobe magento commerce/2.3.7-p2
version/adobe magento commerce/2.3.7-p3
version/adobe magento commerce/2.3.7-p4
version/adobe magento commerce/2.3.7-p4-ext1
version/adobe magento commerce/2.3.7-p4-ext2
version/adobe magento commerce/2.3.7-p4-ext3
version/adobe magento commerce/2.3.7-p4-ext4
version/adobe magento commerce/2.4.0
version/adobe magento commerce/2.4.0-ext-1
version/adobe magento commerce/2.4.0-ext-2
version/adobe magento commerce/2.4.0-ext-3
version/adobe magento commerce/2.4.0-ext-4
version/adobe magento commerce/2.4.1
version/adobe magento commerce/2.4.1-ext-1
version/adobe magento commerce/2.4.1-ext-2
version/adobe magento commerce/2.4.1-ext-3
version/adobe magento commerce/2.4.1-ext-4
version/adobe magento commerce/2.4.2
version/adobe magento commerce/2.4.2-ext-1
version/adobe magento commerce/2.4.2-ext-2
version/adobe magento commerce/2.4.2-ext-3
version/adobe magento commerce/2.4.2-ext-4
version/adobe magento commerce/2.4.3
version/adobe magento commerce/2.4.3-ext-1
version/adobe magento commerce/2.4.3-ext-2
version/adobe magento commerce/2.4.3-ext-3
version/adobe magento commerce/2.4.3-ext-4
version/adobe magento commerce/2.4.4
version/adobe magento commerce/2.4.4-p1
version/adobe magento commerce/2.4.4-p2
version/adobe magento commerce/2.4.4-p3
version/adobe magento commerce/2.4.4-p4
version/adobe magento commerce/2.4.4-p5
version/adobe magento commerce/2.4.5
version/adobe magento commerce/2.4.5-p1
version/adobe magento commerce/2.4.5-p2
version/adobe magento commerce/2.4.5-p3
version/adobe magento commerce/2.4.5-p4
version/adobe magento commerce/2.4.5-p5
version/adobe magento commerce/2.4.6
version/adobe magento commerce/2.4.6-p1
version/adobe magento commerce/2.4.6-p2
version/adobe magento commerce/2.4.7-b1
canonical/magento
version/magento/2.4.4
version/magento/2.4.4-p1
version/magento/2.4.4-p2
version/magento/2.4.4-p3
version/magento/2.4.5
version/magento/2.4.5-p1
version/magento/2.4.5-p2
version/magento/2.4.5-p3
version/magento/2.4.5-p4
version/magento/2.4.6
version/magento/2.4.6-p1
version/magento/2.4.6-p2
version/magento/2.4.7-b1

CVE-2023-38251: Adobe Commerce | Uncontrolled Resource Consumption (CWE-400)

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-38251?

How does CVE-2023-38251 affect Adobe Commerce applications?

Which versions of Adobe Commerce are affected by CVE-2023-38251?

How can I mitigate CVE-2023-38251 in my Adobe Commerce deployment?

Is there any known exploit for CVE-2023-38251?

Company

Resources

Contact