We are trying to apply the security patch for the Cosmicsting vulnerabillty.
The Magento version is 2.4.6 (Open Source).
We have downloaded the patch
For versions 2.4.6, 2.4.6-p1, 2.4.6-p2, 2.4.6-p3, 2.4.6-p4, 2.4.6-p5:
VULN-27015-2.4.6x_v2_COMPOSER_patch.zip from Adobe website.
Then, we unzipped the file, uploaded the .patch file on thge magento installation root folder and ran the SSH command:
patch -p1 < VULN-27015-2.4.6x_v2.composer.patch
We got the following error:
can’t find file to patch at input line 5 Perhaps you used the wrong -p
or –strip option? The text leading up to this was:
————————– |diff –git a/vendor/magento/theme-frontend-blank/i18n/en_US.csv
b/vendor/magento/theme-frontend-blank/i18n/en_US.csv |index
a491a567a37..5e8bef787d2 100644 |—
a/vendor/magento/theme-frontend-blank/i18n/en_US.csv |+++
b/vendor/magento/theme-frontend-blank/i18n/en_US.csv
————————– File to patch:
We tried using -p0, -p2, -p3 etc but got the same result.
We also checked the .patch file and the lines
— a/vendor/magento/theme-frontend-blank/i18n/en_US.csv
+++ b/vendor/magento/theme-frontend-blank/i18n/en_US.csv
don’t correspond to actual paths in our installation.
For example, the path to en_US.csv is
app/code/Magento/Theme/i18n/en_US.csv
Should we change the file paths in the .patch file?
Are we missing something?
Are we using the correct patch/commands?
I’ve read other posts in here about applying patches and couldn’t find a working solution and the Adobe documentation is not clear at all.
We are using the Smartwave Porto theme, I don’t know if this has anything to do with the problem.
Thank you in advance.