CVE-2021-36038
Magento discloses sensitive information via the Multishipping Module
6.5
MEDIUM
CVSS 3.1
EPSS 1.5%
Description
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the Multishipping Module. An authenticated attacker could leverage this vulnerability to achieve sensitive information disclosure.
How to fix CVE-2021-36038
To remediate CVE-2021-36038, upgrade the affected package to a fixed version below.
- —upgrade to 2.3.7-p1 or later
- —no fix listed
Is CVE-2021-36038 being exploited?
Low — EPSS is 1.5%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.3.7-p1
- from 0, <= 2.0.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |