CVE-2021-23405
Published
CVSS v3
8.3
HIGH
CVSS v2
6.5
MEDIUM
Affected
1
PROJECT
Description
This affects the package pimcore/pimcore before 10.0.7. This issue exists due to the absence of check on the storeId parameter in the method collectionsActionGet and groupsActionGet method within the ClassificationstoreController class.
Core Framework for the Open Core Data & Experience Management Platform (PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce)
GitHub