CVE-2021-21022

Improper Authorization in packagist/magento/community-edition

Identifiers

CVE-2021-21022

Package Slug

packagist/magento/community-edition

Vulnerability

Improper Authorization

Description

Magento is vulnerable to an insecure direct object reference (IDOR) in the product module. Successful exploitation could lead to unauthorized access to restricted resources.

Affected Versions

All versions after 2.3.6 before 2.3.6, all versions starting from 2.4.0 up to 2.4.1

Solution

Upgrade to versions 2.3.6, 2.4.2 or above.

Last Modified

2021-02-18
