CVE-2021-36030

EPSS 1.4%

Magento allows attackers to alter the price of items

Published: 5/24/2022Modified: 11/7/2025

Description

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability during the checkout process. An unauthenticated attacker can leverage this vulnerability to alter the price of items.

Affected packages (2)

Packagist/magento/community-editionfrom 0, < 2.3.7-p1
Packagist/magento/project-community-editionfrom 0, <= 2.0.2

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-36030
PATCHhttps://github.com/magento/magento2
WEBhttps://helpx.adobe.com/security/products/magento/apsb21-64.html