[CRITICAL] Magento has a file extension restrictions bypass

PKSA-ztts-2y99-bcdy CVE-2021-36040 GHSA-2pq5-gpqf-g4r3

Affected package: magento/project-community-edition

Affected version: <=2.0.2

Reported by:
GitHub