## https://sploitus.com/exploit?id=840B58F3-6C2A-53E2-93C9-41E6D4384E0D
# Magento 2 patch for CVE-2024-34102(aka CosmicSting)
**Another way(as an extension) to hotfix the security hole if you cannot apply the official patch or cannot upgrade Magento.**
# Description
### Impact
The attacker makes use of this security hole may read secret files(eg: encryption key in `env.php`) on the server.\
With those secrets, the attacker can perform unauthorized actions(eg: by creating admin JSON Web Token `JWT`).
### More Info
[CVE-2024-34102](https://nvd.nist.gov/vuln/detail/CVE-2024-34102)\
[Official Patch](https://helpx.adobe.com/security/products/magento/apsb24-40.html)
# Requirements
**Magento 2.4**
# Installation
Note: it has a dependency, so you need `composer`.\
**`composer require wubinworks/module-cosmic-sting-patch`**