High severityNVD Advisory· Published Sep 1, 2021· Updated Sep 17, 2024

Magento Commerce Improper Input Validation Could Lead To Remote Code Execution

CVE-2021-36041

Description

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges could upload a specially crafted file in the 'pub/media` directory could lead to remote code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
magento/project-community-editionPackagist	<= 2.0.2	—
magento/community-editionPackagist	< 2.3.7-p1	2.3.7-p1
magento/community-editionPackagist	>= 2.4.2-p1, < 2.4.2-p2	2.4.2-p2

Affected products

ghsa-coords2 versions
pkg:composer/magento/community-edition pkg:composer/magento/project-community-edition
< 2.3.7-p1+ 1 more
- (no CPE)range: < 2.3.7-p1
- (no CPE)range: <= 2.0.2
Adobe Inc./Magento Commercecpe-rescue
Range: unspecified

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-mx5m-j5xr-jg8cghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2021-36041ghsaADVISORY
helpx.adobe.com/security/products/magento/apsb21-64.htmlghsax_refsource_MISCWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000