CVE-2021-23405

pimcore/pimcore

on github

Published

July 9, 2021

Severity

CVSS v3:

8.8 HIGH

CVSS v2:

6.5 MEDIUM

Description

This affects the package pimcore/pimcore before 10.0.7. This issue exists due to the absence of check on the storeId parameter in the method collectionsActionGet and groupsActionGet method within the ClassificationstoreController class.

References

https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1316297
https://github.com/pimcore/pimcore/pull/9572

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:pimcore:pimcore::::::::	n/a	10.0.7	*

External Links

NVD - CVE-2021-23405