Description
Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Violation of Secure Design Principles vulnerability in RMA PDF filename formats. Successful exploitation could allow an attacker to gain unauthorized access to restricted resources.
Remediation
References
Related Vulnerabilities
WordPress Plugin arcResBookingWidget Multiple Vulnerabilities (1.0)
OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3508)
Magento Improper Input Validation Vulnerability (CVE-2019-7898)
WordPress Plugin Post Grid, List for WordPress-Content Views Cross-Site Scripting (1.6.1)