CVE-2021-36030

Summary

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability during the checkout process. An unauthenticated attacker can leverage this vulnerability to alter the price of items.

Affected Software

VendorProductVersion RangeStatus
AdobeMagento Commerceunspecified <= 2.4.2affected
AdobeMagento Commerceunspecified <= 2.4.2-p1affected
AdobeMagento Commerceunspecified <= 2.3.7affected
AdobeMagento Commerceunspecified <= Noneaffected

Weaknesses

  • CWE-20: Improper Input Validation (CWE-20)

ADP Enrichment

CVE Program Container

Additional References

References