[CRITICAL] Magento has a file extension restrictions bypass

PKSA-4q5r-zm57-6btb CVE-2021-36040 GHSA-2pq5-gpqf-g4r3

Affected package: magento/community-edition

Affected version: <2.3.7-p1|=2.3.7|>=2.4.2-p1,<2.4.2-p2|=2.4.2

Reported by:
GitHub