[HIGH] Magento OS command injection via the customer attribute save controller

PKSA-q4dq-szdv-ng3x CVE-2021-21015 GHSA-w2p4-2c8c-2g7h

Affected package: magento/community-edition

Affected version: >=2.4.0,<2.4.2|<2.3.6-p1

Reported by:
GitHub