Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability that could result in arbitrary code execution.
View the template here CVE-2024-34102.yaml
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-34102