CVE-2024-39325

CVSS V2 None CVSS V3 None

Description

aimeos/ai-controller-frontend is the Aimeos frontend controller. Prior to versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, aimeos/ai-controller-frontend doesn't reset the payment status of a user's basket after the user completes a purchase. Versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue.

Overview

CVE ID
CVE-2024-39325

Assigner
GitHub_M

Vulnerability Status
PUBLISHED

Published Version
2024-07-02T20:36:58.336Z

Last Modified Date
2024-07-02T21:12:10.982Z

Weakness Enumerations

CWE	URL
CWE-841	http://cwe.mitre.org/data/definitions/841.html

References

Reference URL	Reference Tags
https://github.com/aimeos/ai-controller-frontend/security/advisories/GHSA-m9gv-6p22-qgmj	x_refsource_CONFIRM
https://github.com/aimeos/ai-controller-frontend/commit/16b8837d2466e3665b3c826ce87934b01a847268	x_refsource_MISC
https://github.com/aimeos/ai-controller-frontend/commit/24a57001e56759d1582d2a0080fc1ca3ba328630	x_refsource_MISC
https://github.com/aimeos/ai-controller-frontend/commit/28549808e0f6432a34cd3fb95556deeb86ca276d	x_refsource_MISC
https://github.com/aimeos/ai-controller-frontend/commit/b1960c0b6e5ee93111a5360c9ce949b3e7528cf7	x_refsource_MISC
https://github.com/aimeos/ai-controller-frontend/commit/dafa072783bb692f111ed092d9d2932c113eb855	x_refsource_MISC

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-39325
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39325

History

Created	Old Value	New Value	Data Type	Notes
2024-07-03 13:13:25				Added to TrackCVE