CVE-2021-36030

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-36030

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-36030.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-36030

Published

2021-09-01T15:15:09Z

Modified

2025-01-14T09:25:45.686296Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability during the checkout process. An unauthenticated attacker can leverage this vulnerability to alter the price of items.

References

https://helpx.adobe.com/security/products/magento/apsb21-64.html

Affected packages

Git / github.com/magento/magento2

Affected ranges

Type: GIT
Repo: https://github.com/magento/magento2
Events: Last affected

1bd5cb8c065e44779526c0b044ce19b884707695

Introduced

6729b6e01368248abc33300208eb292c95050203

Last affected

33242e4b19cf207d7b73f7791ef894b48bb41f8a

Introduced

f4c1d7526f05bdfb1327b0701cc345f94aadcaed

Last affected

44a7b6079bcac5ba92040b16f4f74024b4f34d09

Affected versions

2.*

2.3.0

2.3.1

2.3.2

2.3.3

2.3.4

2.3.5

2.3.6

2.3.7

2.4.0

2.4.1

2.4.2