CVE-2021-36030

EPSS 1.4%

Magento allows attackers to alter the price of items

發布日:2022/5/24修改日:2025/11/7

描述

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability during the checkout process. An unauthenticated attacker can leverage this vulnerability to alter the price of items.

受影響套件(2)

Packagist/magento/community-editionfrom 0, < 2.3.7-p1
Packagist/magento/project-community-editionfrom 0, <= 2.0.2

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-36030
PATCHhttps://github.com/magento/magento2
WEBhttps://helpx.adobe.com/security/products/magento/apsb21-64.html