Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-nn21-hf8r-ykfd
Summary
Magento XML Injection vulnerability in the Widgets Update Layout
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution.
Aliases
0
alias CVE-2021-36023
1
alias GHSA-8cjg-f53m-8m9q
Fixed_packages
0
url pkg:composer/magento/community-edition@2.3.7-p1
purl pkg:composer/magento/community-edition@2.3.7-p1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-y93w-2qcc-wqg8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7-p1
1
url pkg:composer/magento/community-edition@2.4.2-p2
purl pkg:composer/magento/community-edition@2.4.2-p2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p2
Affected_packages
0
url pkg:composer/magento/community-edition@2.3.7
purl pkg:composer/magento/community-edition@2.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36ve-7wxt-z7fz
1
vulnerability VCID-b5hn-f1qk-z7cu
2
vulnerability VCID-nn21-hf8r-ykfd
3
vulnerability VCID-y93w-2qcc-wqg8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7
1
url pkg:composer/magento/community-edition@2.4.2-p1
purl pkg:composer/magento/community-edition@2.4.2-p1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36ve-7wxt-z7fz
1
vulnerability VCID-b5hn-f1qk-z7cu
2
vulnerability VCID-nn21-hf8r-ykfd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p1
2
url pkg:composer/magento/community-edition@2.4.2
purl pkg:composer/magento/community-edition@2.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1k4q-2ttb-13hd
1
vulnerability VCID-36ve-7wxt-z7fz
2
vulnerability VCID-b5hn-f1qk-z7cu
3
vulnerability VCID-nn21-hf8r-ykfd
4
vulnerability VCID-yvcy-4e8m-p3b8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2
3
url pkg:composer/magento/project-community-edition@2.0.2
purl pkg:composer/magento/project-community-edition@2.0.2
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/project-community-edition@2.0.2
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-36023
reference_id
reference_type
scores
0
value 0.1628
scoring_system epss
scoring_elements 0.9495
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-36023
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb21-64.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://helpx.adobe.com/security/products/magento/apsb21-64.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-36023
reference_id CVE-2021-36023
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-36023
4
reference_url https://github.com/advisories/GHSA-8cjg-f53m-8m9q
reference_id GHSA-8cjg-f53m-8m9q
reference_type
scores
url https://github.com/advisories/GHSA-8cjg-f53m-8m9q
Weaknesses
0
cwe_id 78
name Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
description The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score 9.0 - 10.0
Exploitability 0.5
Weighted_severity 9.0
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nn21-hf8r-ykfd