Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-b5hn-f1qk-z7cu
Summary
Magento improper access control vulnerability within Magento's Media Gallery Upload workflow
Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper access control vulnerability within Magento's Media Gallery Upload workflow. By storing a specially crafted file in the website gallery, an authenticated attacker with administrative privilege can gain access to delete the .htaccess file. This could result in the attacker achieving remote code execution.
Aliases
0
alias CVE-2021-36036
1
alias GHSA-wqr6-wv6c-p8fx
Fixed_packages
0
url pkg:composer/magento/community-edition@2.3.7-p1
purl pkg:composer/magento/community-edition@2.3.7-p1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-y93w-2qcc-wqg8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7-p1
1
url pkg:composer/magento/community-edition@2.4.2-p2
purl pkg:composer/magento/community-edition@2.4.2-p2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p2
Affected_packages
0
url pkg:composer/magento/community-edition@2.3.7
purl pkg:composer/magento/community-edition@2.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36ve-7wxt-z7fz
1
vulnerability VCID-b5hn-f1qk-z7cu
2
vulnerability VCID-nn21-hf8r-ykfd
3
vulnerability VCID-y93w-2qcc-wqg8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7
1
url pkg:composer/magento/community-edition@2.4.2-p1
purl pkg:composer/magento/community-edition@2.4.2-p1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36ve-7wxt-z7fz
1
vulnerability VCID-b5hn-f1qk-z7cu
2
vulnerability VCID-nn21-hf8r-ykfd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p1
2
url pkg:composer/magento/community-edition@2.4.2
purl pkg:composer/magento/community-edition@2.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1k4q-2ttb-13hd
1
vulnerability VCID-36ve-7wxt-z7fz
2
vulnerability VCID-b5hn-f1qk-z7cu
3
vulnerability VCID-nn21-hf8r-ykfd
4
vulnerability VCID-yvcy-4e8m-p3b8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2
3
url pkg:composer/magento/project-community-edition@2.0.2
purl pkg:composer/magento/project-community-edition@2.0.2
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/project-community-edition@2.0.2
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-36036
reference_id
reference_type
scores
0
value 0.01566
scoring_system epss
scoring_elements 0.81845
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-36036
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb21-64.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://helpx.adobe.com/security/products/magento/apsb21-64.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-36036
reference_id CVE-2021-36036
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-36036
4
reference_url https://github.com/advisories/GHSA-wqr6-wv6c-p8fx
reference_id GHSA-wqr6-wv6c-p8fx
reference_type
scores
url https://github.com/advisories/GHSA-wqr6-wv6c-p8fx
Weaknesses
0
cwe_id 284
name Improper Access Control
description The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score 9.0 - 10.0
Exploitability 0.5
Weighted_severity 9.0
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b5hn-f1qk-z7cu