Back

CVE-2024-39325

July 2, 2024, 9:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

aimeos/ai-controller-frontend

  • 2024.04.2
  • 2023.10.9
  • 2022.10.8
  • 2021.10.8
  • 2020.10.15

Source

security-advisories@github.com

Tags

security-advisories@github.com
CWE-841
2024-07-02
CVE-2024-39325

CVE-2024-39325 details

Published : July 2, 2024, 9:15 p.m.
Last Modified : July 2, 2024, 9:15 p.m.

Description

aimeos/ai-controller-frontend is the Aimeos frontend controller. Prior to versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, aimeos/ai-controller-frontend doesn't reset the payment status of a user's basket after the user completes a purchase. Versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue.

CVSS Score

1 2 3 4 5.3 6 7 8 9 10

Weakness

Weakness Name Description
CWE-841 Improper Enforcement of Behavioral Workflow The product supports a session in which more than one behavior must be performed by an actor, but it does not properly ensure that the actor performs the behaviors in the required sequence.

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

Base Score

5.3

Exploitability Score

3.9

Impact Score

1.4

Base Severity

MEDIUM

Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References

URL Source
https://github.com/aimeos/ai-controller-frontend/commit/16b8837d2466e3665b3c826ce87934b01a847268 security-advisories@github.com
https://github.com/aimeos/ai-controller-frontend/commit/24a57001e56759d1582d2a0080fc1ca3ba328630 security-advisories@github.com
https://github.com/aimeos/ai-controller-frontend/commit/28549808e0f6432a34cd3fb95556deeb86ca276d security-advisories@github.com
https://github.com/aimeos/ai-controller-frontend/commit/b1960c0b6e5ee93111a5360c9ce949b3e7528cf7 security-advisories@github.com
https://github.com/aimeos/ai-controller-frontend/commit/dafa072783bb692f111ed092d9d2932c113eb855 security-advisories@github.com
https://github.com/aimeos/ai-controller-frontend/security/advisories/GHSA-m9gv-6p22-qgmj security-advisories@github.com
This website uses the NVD API, but is not approved or certified by it.