---
title: Protection from CVE-2023-38218 (insecure direct object reference)
summary: null
url: >-
  https://www.fastly.com/documentation/reference/changes/2023/10/protection-from-cve-2023-38218-insecure-direct-object-reference
---

An insecure direct object reference (IDOR) vulnerability has been found in Adobe Commerce and Magento Open Source and has been assigned **CVE-2023-38218**. Fastly has created a virtual patch for it that is now available within your account. To activate it and add protection to your services:

1.   Log in to the [Next-Gen WAF control panel](https://dashboard.signalsciences.net).

2.   From the **Sites** menu, select a site if you have more than one site.

3. From the **Rules** menu, select **Templated Rules**.
4. In the search bar, enter `CVE-2023-38218` and then click **View** for the CVE-2023-38218 templated rule.
5. Click **Configure** and then **Add trigger**.
6. Select the **Block requests from an IP immediately if the CVE-2023-38218 signal is observed** checkbox.
7. Click **Update rule**.