CVE-2021-23405

This affects the package pimcore/pimcore before 10.0.7. This issue exists due to the absence of check on the storeId parameter in the method collectionsActionGet and groupsActionGet method within the ClassificationstoreController class. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt