CVE-2021-21022
Magento Commerce/Open Source versions 2.4.1 and earlier, 2.4.0-p1 and earlier, and 2.3.6 and earlier are affected by an insecure direct object reference (IDOR) in the product module, enabling unauthorized access to restricted resources. The issue is a direct object reference vulnerability (IDOR) ...