GHSA-269w-pqc7-68q9
Suggest an improvement- Source
- https://github.com/advisories/GHSA-269w-pqc7-68q9
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-269w-pqc7-68q9/GHSA-269w-pqc7-68q9.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-269w-pqc7-68q9
- Aliases
- Published
- 2022-05-24T17:41:55Z
- Modified
- 2024-02-16T08:12:17.794108Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- Magento vulnerable to a file upload restriction bypass
- Details
-
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a file upload restriction bypass. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.
- Database specific
{ "nvd_published_at": "2021-02-11T21:15:00Z", "cwe_ids": [ "CWE-434" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2024-01-11T19:29:52Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2021-21014
- https://github.com/magento/magento2/commit/a2eb7e29ea92a8bbc86c3b6b81b59d8533088497
- https://github.com/magento/magento2/commit/a349e022c9ae070e7da262021f9ef182105aa00b
- https://github.com/magento/magento2
- https://helpx.adobe.com/security/products/magento/apsb21-08.html
Affected packages
Packagist / magento/community-edition
Package
- Name
- magento/community-edition
- Purl
- pkg:composer/magento/community-edition
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.3.6-p1
Affected versions
0.*
0.1.0-alpha89
0.1.0-alpha90
0.1.0-alpha91
0.1.0-alpha92
0.1.0-alpha93
0.1.0-alpha94
0.1.0-alpha95
0.1.0-alpha96
0.1.0-alpha97
0.1.0-alpha98
0.1.0-alpha99
0.1.0-alpha100
0.1.0-alpha101
0.1.0-alpha102
0.1.0-alpha103
0.1.0-alpha104
0.1.0-alpha105
0.1.0-alpha106
0.1.0-alpha107
0.1.0-alpha108
0.42.0-beta1
0.42.0-beta2
0.42.0-beta3
0.42.0-beta4
0.42.0-beta5
0.42.0-beta6
0.42.0-beta7
0.42.0-beta8
0.42.0-beta9
0.42.0-beta10
0.42.0-beta11
0.74.0-beta1
0.74.0-beta2
0.74.0-beta3
0.74.0-beta4
0.74.0-beta5
0.74.0-beta6
0.74.0-beta7
0.74.0-beta8
0.74.0-beta9
0.74.0-beta10
0.74.0-beta11
0.74.0-beta12
0.74.0-beta13
0.74.0-beta14
0.74.0-beta15
0.74.0-beta16
1.*
1.0.0-beta
1.0.0-beta2
1.0.0-beta3
1.0.0-beta4
1.0.0-beta5
1.0.0-beta6
2.*
2.0.0-rc
2.0.0-rc2
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.0.10
2.0.11
2.0.12
2.0.13
2.0.14
2.0.15
2.0.16
2.0.17
2.0.18
2.1.0-rc1
2.1.0-rc2
2.1.0-rc3
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.1.16
2.1.17
2.1.18
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.2.10
2.2.11
2.3.0
2.3.1
2.3.2
2.3.2-p2
2.3.3
2.3.3-p1
2.3.4
2.3.4-p2
2.3.5
2.3.5-p1
2.3.5-p2
2.3.6
Packagist / magento/community-edition
Package
- Name
- magento/community-edition
- Purl
- pkg:composer/magento/community-edition