CVE-2021-21022
packagist/magento/community-edition
Improper Authorization
Magento is vulnerable to an insecure direct object reference (IDOR) in the product module. Successful exploitation could lead to unauthorized access to restricted resources.
All versions after 2.3.6 before 2.3.6, all versions starting from 2.4.0 up to 2.4.1
Upgrade to versions 2.3.6, 2.4.2 or above.
2021-02-18
source |