[CRITICAL] Magento XML injection in the Widgets module

PKSA-6mpp-zh74-59gd CVE-2021-21019 GHSA-mw95-gmw4-883p

Affected package: magento/community-edition

Affected version: >=2.4.0,<2.4.1-p1|<2.3.6-p1

Reported by:
GitHub