Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Information Disclosure vulnerability when uploading a modified png file to a product image. Successful exploitation could lead to the disclosure of document root path by an unauthenticated attacker. Access to the admin console is required for successful exploitation.
{ "nvd_published_at": "2021-09-08T17:15:00Z", "cwe_ids": [ "CWE-200" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2024-01-10T20:47:20Z" }