CVE-2021-28584

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-28584

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-28584.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-28584

Aliases

Published

2021-06-28T14:15:11.277Z

Modified

2026-04-10T04:31:46.308719Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Path Traversal vulnerability when creating a store with child theme.Successful exploitation could lead to arbitrary file system write by an authenticated attacker. Access to the admin console is required for successful exploitation.

References

https://helpx.adobe.com/security/products/magento/apsb21-30.html

Affected packages

Git / github.com/magento/devdocs

Affected ranges

Type

GIT

Repo

https://github.com/magento/devdocs

Events

Introduced

Fixed

9eba2c99bed83d8297c03b7ea3b110500cc5b955

Introduced

Fixed

9eba2c99bed83d8297c03b7ea3b110500cc5b955

Introduced

Last affected

9eba2c99bed83d8297c03b7ea3b110500cc5b955

Introduced

Last affected

9eba2c99bed83d8297c03b7ea3b110500cc5b955

Introduced

Last affected

9eba2c99bed83d8297c03b7ea3b110500cc5b955

Introduced

Last affected

9eba2c99bed83d8297c03b7ea3b110500cc5b955

Introduced

Last affected

9eba2c99bed83d8297c03b7ea3b110500cc5b955

Introduced

Last affected

9eba2c99bed83d8297c03b7ea3b110500cc5b955

Introduced

Last affected

9eba2c99bed83d8297c03b7ea3b110500cc5b955

Introduced

Last affected

9eba2c99bed83d8297c03b7ea3b110500cc5b955

Introduced

Last affected

9eba2c99bed83d8297c03b7ea3b110500cc5b955

Introduced

Last affected

9eba2c99bed83d8297c03b7ea3b110500cc5b955

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.3.6"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "2.3.6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.6-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.6-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.6-p1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.6-p1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.1-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.1-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.1-p1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.1-p1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.2"
        }
    ]
}

Affected versions

1.*

1.x-eos

2.*

2.0.8

2.1.14

2.1.15

2.1.16

2.1.17

2.1.18

2.2.11

2.2.5

2.2.6

2.2.7

2.2.8

2.2.9

2.3.0

2.3.1

2.3.2

2.3.3-p1

2.3.4

2.3.5

2.3.6-p1

2.4.1-p1

2.4.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-28584.json"