Bulletin ID
Last updated on
May 14, 2024
Security update available for Adobe Dreamweaver | APSB24-39
|
|
Date Published |
Priority |
|---|---|---|
|
APSB24-39 |
May 14, 2024 |
3 |
Summary
Adobe has released a security update for Adobe Dreamweaver. This update resolves a critical vulnerability and dependency. Successful exploitation could lead to arbitrary code execution.
Affected Versions
|
Product |
Affected Versions |
Platform |
|---|---|---|
|
Adobe Dreamweaver |
21.3 and earlier versions |
Windows and macOS |
Solution
Adobe categorizes this update with the following priority rating and recommends users to use latest builds for new installation via the Creative Cloud desktop app updater, or by navigating to the Dreamweaver Help menu and clicking "Updates." For more information, please reference this help page.
|
Product |
Updated Version |
Platform |
Priority rating |
|---|---|---|---|
|
Adobe Dreamweaver |
21.4 |
Windows and macOS |
3 |
Note:
Note: For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages. Refer to this help page for more information on the Creative Cloud Packager.
Vulnerability Details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVE Numbers |
|
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) |
Arbitrary code execution |
Critical |
CVE-2024-30314 |
Updates to Dependencies
|
Dependency |
Vulnerability Impact |
Affected Version |
|
Chromium Embedded Framework |
Arbitrary code execution |
21.3 and earlier versions |
Acknowledgements
Adobe would like to thank the following researcher for reporting this issue and for working with Adobe to help protect our customers:
- Sudhanshu Rajbhar (sudi) - CVE-2024-30314
NOTE: Adobe has a private, invite-only, bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please fill out this form for next steps.
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.
Adobe MAX
The Creativity Conference
Oct 14–16 Miami Beach and online
Adobe MAX
The Creativity Conference
Oct 14–16 Miami Beach and online