CVE-2021-36038

MEDIUM6.5EPSS 1.5%

Magento discloses sensitive information via the Multishipping Module

發布日:2022/5/24修改日:2025/11/7

描述

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the Multishipping Module. An authenticated attacker could leverage this vulnerability to achieve sensitive information disclosure.

受影響套件(2)

Packagist/magento/community-editionfrom 0, < 2.3.7-p1
Packagist/magento/project-community-editionfrom 0, <= 2.0.2

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-36038
PATCHhttps://github.com/magento/magento2
WEBhttps://helpx.adobe.com/security/products/magento/apsb21-64.html