{"id":"CVE-2021-21064","details":"Magento UPWARD-php version 1.1.4 (and earlier) is affected by a Path traversal vulnerability in Magento UPWARD Connector version 1.1.2 (and earlier) due to the upload feature. An attacker could potentially exploit this vulnerability to upload a malicious YAML file that can contain instructions which allows reading arbitrary files from the remote server. Access to the admin console is required for successful exploitation.","modified":"2026-04-10T04:29:30.537952Z","published":"2021-02-25T14:15:12.143Z","related":["GHSA-p4pw-hpjx-5685"],"references":[{"type":"ADVISORY","url":"https://github.com/magento/upward-php/security"},{"type":"ADVISORY","url":"https://github.com/magento/upward-php/security/advisories/GHSA-p4pw-hpjx-5685"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/magento/upward-php","events":[{"introduced":"0"},{"last_affected":"f6a53dc6285824a72ad4876d77af68d4292cb741"},{"introduced":"0"},{"last_affected":"c314fe07ad19aecc49c5ae0ae473f17c4b6859bc"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.1.2"},{"introduced":"0"},{"last_affected":"1.1.4"}]}}],"versions":["1.0.0","1.1.0","1.1.1","1.1.2","1.1.3","1.1.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21064.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"}]}