Skip to content

Apply patch for Cosmicsting vulnerabillity

We are trying to apply the security patch for the Cosmicsting vulnerabillty.
The Magento version is 2.4.6 (Open Source).

We have downloaded the patch

For versions 2.4.6, 2.4.6-p1, 2.4.6-p2, 2.4.6-p3, 2.4.6-p4, 2.4.6-p5:
VULN-27015-2.4.6x_v2_COMPOSER_patch.zip from Adobe website.

Then, we unzipped the file, uploaded the .patch file on thge magento installation root folder and ran the SSH command:

patch -p1 < VULN-27015-2.4.6x_v2.composer.patch

We got the following error:

can’t find file to patch at input line 5 Perhaps you used the wrong -p
or –strip option? The text leading up to this was:
————————– |diff –git a/vendor/magento/theme-frontend-blank/i18n/en_US.csv
b/vendor/magento/theme-frontend-blank/i18n/en_US.csv |index
a491a567a37..5e8bef787d2 100644 |—
a/vendor/magento/theme-frontend-blank/i18n/en_US.csv |+++
b/vendor/magento/theme-frontend-blank/i18n/en_US.csv
————————– File to patch:

We tried using -p0, -p2, -p3 etc but got the same result.

We also checked the .patch file and the lines

— a/vendor/magento/theme-frontend-blank/i18n/en_US.csv
+++ b/vendor/magento/theme-frontend-blank/i18n/en_US.csv

don’t correspond to actual paths in our installation.

For example, the path to en_US.csv is

app/code/Magento/Theme/i18n/en_US.csv

Should we change the file paths in the .patch file?
Are we missing something?
Are we using the correct patch/commands?

I’ve read other posts in here about applying patches and couldn’t find a working solution and the Adobe documentation is not clear at all.

We are using the Smartwave Porto theme, I don’t know if this has anything to do with the problem.

Thank you in advance.