---
title: >-
  Protection from CVE-2024-34102 (Adobe Commerce and Magento Open Source
  unauthenticated XML entity injection)
summary: null
url: >-
  https://www.fastly.com/documentation/reference/changes/2024/06/protection-from-cve-2024-34102-adobe-commerce-and-magento-open-source-unauthenticated-xml-entity-injection
---

An unauthenticated XML entity injection vulnerability has been found in Adobe Commerce and Magento Open Source and has been assigned CVE-2024-34102. Fastly has created a virtual patch for it that is now available within your account. To activate it and add protection to your services:

1. Log in to the [Next-Gen WAF control panel](https://dashboard.signalsciences.net).
2. From the **Sites** menu, select a site if you have more than one site.
3. From the **Rules** menu, select **Templated Rules**.
4. In the search bar, enter `CVE-2024-34102` and then click **View** for the CVE-2024-34102 templated rule.
5. Click **Configure** and then **Add trigger**.
6. Select the **Block requests from an IP immediately if the CVE-2024-34102 signal is observed** checkbox.
7. Click **Update rule**.
