CVE-2021-21022 – magento/project-community-edition
Package
Manager: composer
Name: magento/project-community-edition
Vulnerable Version: >=0 <=2.0.2
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00113 (percentile: 0.30557)
Details
Magento Insecure Direct Object Reference (IDOR) in the product module
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object reference (IDOR) in the product module. Successful exploitation could lead to unauthorized access to restricted resources.
Metadata
Created: 2022-05-24T17:41:56Z
Modified: 2025-02-10T20:47:55Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8pfq-g48p-x7w8/GHSA-8pfq-g48p-x7w8.json
CWE IDs: ["CWE-285", "CWE-639"]
Alternative ID: GHSA-8pfq-g48p-x7w8
Finding: F039
Auto approve: 1