CVE-2021-21064
CVE-2021-21064 is a vulnerability of currently unknown severity. Magento UPWARD-php version 1.1.4 (and earlier) is affected by a path traversal vulnerability in Magento UPWARD Connector version 1.1.2 (and earlier) due to the upload feature. An attacker could potentially exploit this vulnerability to upload a malicious YAML file containing instructions that allow reading arbitrary files from the remote server. EPSS estimates an 8.51% chance of exploitation in the next 30 days.
Description
Magento UPWARD-php version 1.1.4 (and earlier) is affected by a path traversal vulnerability in Magento UPWARD Connector version 1.1.2 (and earlier) due to the upload feature. An attacker could potentially exploit this vulnerability to upload a malicious YAML file containing instructions that allow reading arbitrary files from the remote server. Access to the admin console is required for successful exploitation.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Magento | Upward Connector | <= 1.1.2 |
| Magento | Upward Php | <= 1.1.4 |
References
- https://github.com/magento/upward-php/security (Third Party Advisory)
- https://github.com/magento/upward-php/security/advisories/GHSA-p4pw-hpjx-5685 (Third Party Advisory)
Source: NVD / NIST
