{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "2.3.0" }, { "last_affected": "2.3.7" }, { "introduced": "2.4.0" }, { "last_affected": "2.4.2" }, { "introduced": "0" }, { "last_affected": "2.4.2-p1" }, { "introduced": "2.3.0" }, { "last_affected": "2.3.7" }, { "introduced": "2.4.0" }, { "last_affected": "2.4.2" }, { "introduced": "0" }, { "last_affected": "2.4.2-p1" } ] }, "events": [ { "introduced": "f4c1d7526f05bdfb1327b0701cc345f94aadcaed" }, { "last_affected": "44a7b6079bcac5ba92040b16f4f74024b4f34d09" }, { "introduced": "6729b6e01368248abc33300208eb292c95050203" }, { "last_affected": "33242e4b19cf207d7b73f7791ef894b48bb41f8a" }, { "introduced": "0" }, { "last_affected": "1bd5cb8c065e44779526c0b044ce19b884707695" }, { "introduced": "f4c1d7526f05bdfb1327b0701cc345f94aadcaed" }, { "last_affected": "44a7b6079bcac5ba92040b16f4f74024b4f34d09" }, { "introduced": "6729b6e01368248abc33300208eb292c95050203" }, { "last_affected": "33242e4b19cf207d7b73f7791ef894b48bb41f8a" }, { "introduced": "0" }, { "last_affected": "1bd5cb8c065e44779526c0b044ce19b884707695" } ], "repo": "https://github.com/magento/magento2", "type": "GIT" } ] } ], "details": "Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the Multishipping Module. An authenticated attacker could leverage this vulnerability to achieve sensitive information disclosure.", "id": "CVE-2021-36038", "modified": "2026-03-13T21:54:42.233995463Z", "published": "2021-09-01T15:15:09.977Z", "references": [ { "type": "FIX", "url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "type": "CVSS_V3" } ] }