CVE-2021-28585

MEDIUM5.3EPSS 0.35%

Magento Commerce improper input validation in customer customer webapi

Published: 5/24/2022Modified: 3/20/2026

Description

Magento versions 2.4.2 (and earlier), 2.4.1 (and earlier) and 2.3.6 (and earlier) are affected by an Improper input validation vulnerability in the New customer WebAPI.Successful exploitation could allow an attacker to send unsolicited spam e-mails.

Affected packages (3)

Bitnami/magentofrom 0, < 2.3.6, >= 2.4.1, < 2.4.2, >= 2.4.2, < 2.4.3
Packagist/magento/community-edition>= 2.4.0, < 2.4.2-p1
Packagist/magento/project-community-editionfrom 0, <= 2.0.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-28585
WEBhttps://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695
WEBhttps://helpx.adobe.com/security/products/magento/apsb21-30.html