
Commit e6004b2

1 parent b4b7fa5 commit e6004b2


4 files changed

+234
-67
lines changed

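--- /dev/null
+++ b/(path not shown on page: advisory GHSA-j46h-qjjv-cxfj)
@@ -0,0 +1,117 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-j46h-qjjv-cxfj",
+"modified": "2025-11-07T23:23:17Z",
+"published": "2022-05-24T19:12:46Z",
+"aliases": [
+"CVE-2021-36034"
+],
+"summary": "Magento affected by remote code execution via a file upload",
+"details": "Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges can upload a specially crafted file to achieve remote code execution.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+}
+],
+"affected": [
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "magento/project-community-edition"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "0"
+},
+{
+"last_affected": "2.0.2"
+}
+]
+}
+]
+},
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "magento/community-edition"
+},
+"versions": [
+"2.4.2"
+]
+},
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "magento/community-edition"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "2.4.2-p1"
+},
+{
+"fixed": "2.4.2-p2"
+}
+]
+}
+]
+},
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "magento/community-edition"
+},
+"versions": [
+"2.3.7"
+]
+},
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "magento/community-edition"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "2.3.7-p1"
+}
+]
+}
+]
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36034"
+},
+{
+"type": "PACKAGE",
+"url": "https://github.com/magento/magento2"
+},
+{
+"type": "WEB",
+"url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-20"
+],
+"severity": "HIGH",
+"github_reviewed": true,
+"github_reviewed_at": "2025-11-07T23:23:17Z",
+"nvd_published_at": "2021-09-01T15:15:00Z"
+}
+}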
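Review bot: The `affected` entries for `magento/community-edition` leave a hole on the 2.4 line: the only 2.4 coverage is the exact version `"2.4.2"` and a range that starts at `"introduced": "2.4.2-p1"`, while the other range stops at `"fixed": "2.3.7-p1"`, so 2.4 releases older than 2.4.2 match nothing even though `details` says 2.4.2 and earlier are affected. A dependency scanner that matches on these ranges would report such an install as clean. I would start the 2.4 range at the first 2.4 release, `"introduced": "<first 2.4 release>"` paired with the existing `"fixed": "2.4.2-p2"`, which also makes the separate `"versions": ["2.4.2"]` entry unnecessary. The second advisory added in this commit (GHSA-wgpr-9675-8r67) carries the same entries and the same gap.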
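--- /dev/null
+++ b/(path not shown on page: advisory GHSA-wgpr-9675-8r67)
@@ -0,0 +1,117 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-wgpr-9675-8r67",
+"modified": "2025-11-07T23:24:03Z",
+"published": "2022-05-24T19:12:46Z",
+"aliases": [
+"CVE-2021-36038"
+],
+"summary": "Magento discloses sensitive information via the Multishipping Module",
+"details": "Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the Multishipping Module. An authenticated attacker could leverage this vulnerability to achieve sensitive information disclosure.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+}
+],
+"affected": [
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "magento/project-community-edition"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "0"
+},
+{
+"last_affected": "2.0.2"
+}
+]
+}
+]
+},
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "magento/community-edition"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "2.3.7-p1"
+}
+]
+}
+]
+},
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "magento/community-edition"
+},
+"versions": [
+"2.3.7"
+]
+},
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "magento/community-edition"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "2.4.2-p1"
+},
+{
+"fixed": "2.4.2-p2"
+}
+]
+}
+]
+},
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "magento/community-edition"
+},
+"versions": [
+"2.4.2"
+]
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36038"
+},
+{
+"type": "PACKAGE",
+"url": "https://github.com/magento/magento2"
+},
+{
+"type": "WEB",
+"url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-20"
+],
+"severity": "MODERATE",
+"github_reviewed": true,
+"github_reviewed_at": "2025-11-07T23:24:02Z",
+"nvd_published_at": "2021-09-01T15:15:00Z"
+}
+}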

advisories/unreviewed/2022/05/GHSA-j46h-qjjv-cxfj/GHSA-j46h-qjjv-cxfj.json

Lines changed: 0 additions & 36 deletions
This file was deleted.

advisories/unreviewed/2022/05/GHSA-wgpr-9675-8r67/GHSA-wgpr-9675-8r67.json

Lines changed: 0 additions & 31 deletions
This file was deleted.
