Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the API File Option Upload Extension. An attacker with Admin privileges can achieve unrestricted file upload which can result in remote code execution.
References
Link | Resource |
---|---|
https://helpx.adobe.com/security/products/magento/apsb21-64.html | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: adobe
Published: 2021-08-10T00:00:00
Updated: 2021-09-01T14:31:24
Reserved: 2021-06-30T00:00:00
Link: CVE-2021-36042
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-09-01T15:15:10.233
Modified: 2021-09-08T15:03:33.437
Link: CVE-2021-36042
JSON object: View
Redhat Information
No data.