CVE-2024-37296
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-37296
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-37296.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-37296
- Aliases
- Published
- 2024-06-11T14:43:39Z
- Modified
- 2025-10-22T18:42:45.656639Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Aimeos HTML client vulnerable to digital products download without proper payment status check
- Details
-
The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Starting in version 2020.04.1 and prior to versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5, digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn't succeed. Versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5 fix this issue.
- Database specific
{ "cwe_ids": [ "CWE-841", "CWE-862" ] }- References
-
- https://github.com/aimeos/ai-client-html/security/advisories/GHSA-v4g2-cm5v-cxv7
- https://github.com/aimeos/ai-client-html/commit/12d8aad1a373bf9d350872501adec3e222164f83
- https://github.com/aimeos/ai-client-html/commit/5a7249769142b3ce70959ab1fb70c7e7c251e214
- https://github.com/aimeos/ai-client-html/commit/6460ffe8f4929d864164aa96c5b49eca5326d975
- https://github.com/aimeos/ai-client-html/commit/7f01d2f4fbc67f5231fd84adeb835d28252b8409
- https://github.com/aimeos/ai-client-html/commit/fc611ff9a57e421d0ad9d99346b561cea515c5f0
Affected packages
Git / github.com/aimeos/ai-client-html
Affected ranges
- Type
- GIT
- Repo
- https://github.com/aimeos/ai-client-html
- Events
- Type
- GIT
- Repo
- https://github.com/aimeos/ai-client-html
- Events
- Type
- GIT
- Repo
- https://github.com/aimeos/ai-client-html
- Events
- Type
- GIT
- Repo
- https://github.com/aimeos/ai-client-html
- Events
- Type
- GIT
- Repo
- https://github.com/aimeos/ai-client-html
- Events