Oh good, a 9.8-score vulnerability on a Sunday! Our own top-researcher,
We recommend prioritizing patching as soon as possible (today, ideally), since exploits are being seen in the wild and Magento has previously been a target for attackers. The patch from Adobe is available here for download.
If you’re running Adobe Magento or Commerce 2.4.3p1 and earlier, or 2.3.7-p2 and earlier, you are vulnerable to attack. Versions 2.3.3 and lower are not affected, though eCommerce security firm Sansec recommends manually implementing the patch anyways.”
As always, head over to the blog to read Peter’s full post...but patch Magento first!