[CRITICAL] Magento OS command injection via the WebAPI

PKSA-g12r-tk3d-rbjb CVE-2021-21016 GHSA-792f-c8mp-2cr5

Affected package: magento/community-edition

Affected version: >=2.4.0,<2.4.2|<2.3.6-p1

Reported by:
GitHub