PT-2021-6356 · Adobe · Magento Commerce
Published
2021-08-11
·
Updated
2022-05-24
·
CVE-2021-36044
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Magento Commerce versions 2.4.2 and earlier
Magento Commerce versions 2.4.2-p1 and earlier
Magento Commerce versions 2.3.7 and earlier
Description
The issue exists due to insufficient input validation in the Magento Commerce platform, allowing a remote attacker to cause a denial-of-service. An unauthenticated attacker could exploit this to cause a server-side denial-of-service using a GraphQL field.
Recommendations
For versions 2.4.2 and earlier, update to a version that includes the fix for the improper input validation vulnerability.
For versions 2.4.2-p1 and earlier, update to a version that includes the fix for the improper input validation vulnerability.
For versions 2.3.7 and earlier, update to a version that includes the fix for the improper input validation vulnerability.
As a temporary workaround, consider restricting access to GraphQL fields to minimize the risk of exploitation.
Fix
DoS
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Magento Commerce