CVE-2021-36034

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-36034
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-36034.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-36034
Published
2021-09-01T15:15:09Z
Modified
2024-06-13T07:30:27.606447Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges can upload a specially crafted file to achieve remote code execution.

References

Affected packages

Git / github.com/magento/magento2

Affected versions

2.*

2.3.0
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.4.0
2.4.1
2.4.2