CVE-2021-36029

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-36029
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-36029.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-36029
Published
2021-09-01T15:15:09Z
Modified
2025-01-14T09:25:40.317396Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper improper authorization vulnerability. An attacker with admin privileges could leverage this vulnerability to achieve remote code execution.

References

Affected packages

Git / github.com/magento/magento2

Affected versions

2.*

2.3.0
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.4.0
2.4.1
2.4.2