CVE-2021-21026

Improper Authorization in packagist/magento/community-edition

Identifier

CVE-2021-21026

Package Slug

packagist/magento/community-edition

Vulnerability

Improper Authorization

Description

Magento does not sufficiently protect resources. Successful exploitation could lead to unauthorized access to restricted resources by an unauthenticated attacker. Access to the admin console is required for successful exploitation.

Affected Versions

All versions before 2.3.6, all versions starting from 2.4.0 up to 2.4.1

Solution

Upgrade to versions 2.3.6, 2.4.1-p1 or above.

Last Modified

2021-02-18

source