CVE-2024-39325
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
02/07/2024
Last modified:
15/10/2024
Description
aimeos/ai-controller-frontend is the Aimeos frontend controller. Prior to versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, aimeos/ai-controller-frontend doesn&#39;t reset the payment status of a user&#39;s basket after the user completes a purchase. Versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue.<br />
Impact
Base Score 3.x
5.30
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:aimeos:aimeos_frontend_controller:*:*:*:*:*:*:*:* | 2020.10.15 (excluding) | |
| cpe:2.3:a:aimeos:aimeos_frontend_controller:*:*:*:*:*:*:*:* | 2021.04.1 (including) | 2021.10.8 (excluding) |
| cpe:2.3:a:aimeos:aimeos_frontend_controller:*:*:*:*:*:*:*:* | 2022.04.1 (including) | 2022.10.8 (excluding) |
| cpe:2.3:a:aimeos:aimeos_frontend_controller:*:*:*:*:*:*:*:* | 2023.04.1 (including) | 2023.10.9 (excluding) |
| cpe:2.3:a:aimeos:aimeos_frontend_controller:2024.04.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/aimeos/ai-controller-frontend/commit/16b8837d2466e3665b3c826ce87934b01a847268
- https://github.com/aimeos/ai-controller-frontend/commit/24a57001e56759d1582d2a0080fc1ca3ba328630
- https://github.com/aimeos/ai-controller-frontend/commit/28549808e0f6432a34cd3fb95556deeb86ca276d
- https://github.com/aimeos/ai-controller-frontend/commit/b1960c0b6e5ee93111a5360c9ce949b3e7528cf7
- https://github.com/aimeos/ai-controller-frontend/commit/dafa072783bb692f111ed092d9d2932c113eb855
- https://github.com/aimeos/ai-controller-frontend/security/advisories/GHSA-m9gv-6p22-qgmj