CVE-2021-28583

Violation of Secure Design Principles in packagist/magento/community-edition

Identifier

CVE-2021-28583

Package Slug

packagist/magento/community-edition

Vulnerability

Violation of Secure Design Principles

Description

Magento is affected by a Violation of Secure Design Principles vulnerability in RMA PDF filename formats. Successful exploitation could allow an attacker to get unauthorized access to restricted resources.

Affected Versions

All versions before 2.3.6, all versions starting from 2.4.0 up to 2.4.2

Solution

Upgrade to versions 2.3.6, 2.4.2-p1 or above.

Last Modified

2021-07-08

source