CVE-2021-36040
CVE-2021-36040 affects Magento Commerce: versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier), and 2.3.7 (and earlier). The issue is improper input validation that allows an attacker with admin privileges to upload a specially crafted file and bypass file extension restrictions, potentially enabl...