CVE-2021-36030
- Source
- https://cve.org/CVERecord?id=CVE-2021-36030
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-36030.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-36030
- Aliases
- Published
- 2021-09-01T15:15:09.570Z
- Modified
- 2026-04-10T04:35:19.976213Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability during the checkout process. An unauthenticated attacker can leverage this vulnerability to alter the price of items.
- References
Affected packages
Git / github.com/magento/magento2
Affected ranges
- Type
- GIT
- Repo
- https://github.com/magento/magento2
- Events
-
IntroducedLast affectedIntroducedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroducedLast affectedIntroducedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "2.3.0" }, { "last_affected": "2.3.7" }, { "introduced": "2.4.0" }, { "last_affected": "2.4.2" }, { "introduced": "0" }, { "last_affected": "2.4.2-p1" }, { "introduced": "2.3.0" }, { "last_affected": "2.3.7" }, { "introduced": "2.4.0" }, { "last_affected": "2.4.2" }, { "introduced": "0" }, { "last_affected": "2.4.2-p1" } ] }
Affected versions
0.*
0.1.0-alpha100
0.1.0-alpha101
0.1.0-alpha102
0.1.0-alpha103
0.1.0-alpha104
0.1.0-alpha105
0.1.0-alpha106
0.1.0-alpha107
0.1.0-alpha108
0.1.0-alpha89
0.1.0-alpha90
0.1.0-alpha91
0.1.0-alpha92
0.1.0-alpha93
0.1.0-alpha94
0.1.0-alpha95
0.1.0-alpha96
0.1.0-alpha97
0.1.0-alpha98
0.1.0-alpha99
0.42.0-beta1
0.42.0-beta3
0.74.0-beta1
2.*
2.0.0
2.0.0-rc
2.1.0
2.1.0-rc1
2.1.0-rc2
2.1.0-rc3
2.2.0-RC1.1
2.2.0-RC1.2
2.2.0-RC1.3
2.3.7
2.4.2
2.4.2-p1