Adobe Commerce powered by Magento 2 Denial of Service 0-day Vulnerability.

Adobe Commerce has critical 0-day vulnerability adobe can’t fix. this vulnerability connected with the bad software design and architecture and pure code quality. Basically Magento 2 and Adobe commerce is a Bloated software that bares all possible Software Development best practices. They even created own Magento development “bad” practices where they described how developers should do to make websites as slow as possible. One of such bad practices are:

• Use DI everywhere
• Use Aspect Oriented Development / Plugin
• Use Product Repository and broken and extremely slow Magento ORM with slow SQL queries and N + 1 issues
• Use Magento Commerce Cloud which won nomination for the worsts possible Magento hosting solution price/quality.
• Use Ajax and Section to load dynamic content
• Cache and Index everything which really bad for Denial of Service attacks. Attacker just will not aback cached page ;)
• Broken Solid Principles when every new method has own Abstraction, Interface and Class.
• Hiding performance issues behind the Varnish. So they can easily cheat clients by showing the fast cached page where in the reality it is really slow however bad actors know how to bake through the Vanish cache
• GraphQL performance issue. New GraphQL endpoint has even more issues than old and reliable Rest API. You can easily write you query which can easily brake your Database server.

How Adobe Commerce is affected by this denial of service vulnerability?

This vulnerability affects Magento applications that utilizes Adobe Commerce Cloud web servers when processing certain not cached HTTP/2 and HTTP/3 requests. You don’t need even attackers a regular Customers traffic usually can produce Denial of Magento Service.