CVE-2021-28584

Path Traversal in packagist/magento/community-edition

Identifier

CVE-2021-28584

Package Slug

packagist/magento/community-edition

Vulnerability

Path Traversal

Description

Magento is affected by a Path Traversal vulnerability when creating a store with a child theme. Successful exploitation could lead to arbitrary file system write by an authenticated attacker. Access to the admin console is required for successful exploitation.

Affected Versions

All versions before 2.3.6, all versions starting from 2.4.0 up to 2.4.2

Solution

Upgrade to versions 2.3.6, 2.4.2-p1 or above.

Last Modified

2021-07-08

source