CVE-2021-21032
packagist/magento/community-edition
Insufficient Session Expiration
Magento does not adequately invalidate user sessions. Successful exploitation of this issue could lead to unauthorized access to restricted resources. Access to the admin console is not required for successful exploitation.
All versions before 2.3.6, all versions starting from 2.4.0 up to 2.4.1
Upgrade to versions 2.3.6, 2.4.1-p1 or above.
2021-02-18
source |