High severityNVD Advisory· Published Sep 1, 2021· Updated Sep 16, 2024
Magento Commerce GraphQL Improper Input Validation Could Lead To Denial Of Service
CVE-2021-36044
Description
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An unauthenticated attacker could abuse this vulnerability to cause a server-side denial-of-service using a GraphQL field.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
magento/project-community-editionPackagist | <= 2.0.2 | — |
magento/community-editionPackagist | >= 2.4.2-p1, < 2.4.2-p2 | 2.4.2-p2 |
magento/community-editionPackagist | < 2.3.7-p1 | 2.3.7-p1 |
Affected products
3- ghsa-coords2 versions
(expand)+ 1 more
- (no CPE)
- (no CPE)range: <= 2.0.2
- Range: unspecified
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-wr57-3h2f-3q95ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-36044ghsaADVISORY
- helpx.adobe.com/security/products/magento/apsb21-64.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.