CVE-2021-21012

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-21012
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21012.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-21012
Published
2021-01-13T23:15:14.400Z
Modified
2026-04-10T04:29:28.647563Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the checkout module. Successful exploitation could lead to sensitive information disclosure.

References

Affected packages

Git / github.com/magento/magento2

Affected ranges

Type
GIT
Repo
https://github.com/magento/magento2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
53ad434d78cd2d357203fb82e5ea059883f403b8
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
6729b6e01368248abc33300208eb292c95050203
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e15fcef0c71b5f25ed3d50f41586d70c45c2cb42
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
445b0f1a3d6a91b5da32d311077c2112ef0b1503
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
53ad434d78cd2d357203fb82e5ea059883f403b8
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
6729b6e01368248abc33300208eb292c95050203
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e15fcef0c71b5f25ed3d50f41586d70c45c2cb42
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
445b0f1a3d6a91b5da32d311077c2112ef0b1503
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.0-p1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.0-p1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.1"
        }
    ]
}

Affected versions

0.*
0.1.0-alpha100
0.1.0-alpha101
0.1.0-alpha102
0.1.0-alpha103
0.1.0-alpha104
0.1.0-alpha105
0.1.0-alpha106
0.1.0-alpha107
0.1.0-alpha108
0.1.0-alpha89
0.1.0-alpha90
0.1.0-alpha91
0.1.0-alpha92
0.1.0-alpha93
0.1.0-alpha94
0.1.0-alpha95
0.1.0-alpha96
0.1.0-alpha97
0.1.0-alpha98
0.1.0-alpha99
0.42.0-beta1
0.42.0-beta3
0.74.0-beta1
2.*
2.0.0
2.0.0-rc
2.1.0
2.1.0-rc1
2.1.0-rc2
2.1.0-rc3
2.2.0-RC1.1
2.2.0-RC1.2
2.2.0-RC1.3
2.3.6
2.4.0
2.4.0-p1
2.4.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21012.json"