CVE-2021-28566

Information Exposure in packagist/magento/community-edition

Identifiers

CVE-2021-28566

Package Slug

packagist/magento/community-edition

Vulnerability

Information Exposure

Description

Magento is affected by an information disclosure vulnerability that is triggered when a modified PNG file is uploaded as a product image. Successful exploitation could lead to the disclosure of the document root path by an unauthenticated attacker. Access to the admin console is required for successful exploitation.

Affected Versions

All versions before 2.4.2

Solution

Upgrade to version 2.4.2-p1 or above.

Last Modified

2021-09-16
