CVE-2024-39319

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-39319
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-39319.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-39319
Aliases
Published
2024-09-26T16:07:01Z
Modified
2025-11-11T03:03:36.161874Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
aimeos/ai-controller-frontend has IDOR vulnerability in account profile page
Details

aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another customer. Versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue.

Database specific 
{
    "cwe_ids": [
        "CWE-639"
    ]
}
References

Affected packages

Git / github.com/aimeos/ai-controller-frontend

Affected ranges

Type
GIT
Repo
https://github.com/aimeos/ai-controller-frontend
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
79e96ea38326ff4833487be12e40776538e795b8
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "= 2024.04.1"
        }
    ]
}
Type
GIT
Repo
https://github.com/aimeos/ai-controller-frontend
Events
Introduced
a60325f9e8edfe94ebdbf26788978ed0e9fd3f7d
Fixed
6ea6b82f5a1fc18c574cb6f97225930d139b14a5
Database specific 
{
    "versions": [
        {
            "introduced": "2023.04.1"
        },
        {
            "fixed": "2023.10.9"
        }
    ]
}
Type
GIT
Repo
https://github.com/aimeos/ai-controller-frontend
Events
Introduced
db28e50401191e40b21237dc4a10efcd69133775
Fixed
f7c6a9ce2a6f5a9ad4af31313508870a78398f85
Database specific 
{
    "versions": [
        {
            "introduced": "2022.04.1"
        },
        {
            "fixed": "2022.10.8"
        }
    ]
}
Type
GIT
Repo
https://github.com/aimeos/ai-controller-frontend
Events
Introduced
9914e3d56e6d202ecdcaf08f8c699c479238f199
Fixed
8183c0cd2b7e45cbefc8ca22b61643d29de92f6f
Database specific 
{
    "versions": [
        {
            "introduced": "2021.04.1"
        },
        {
            "fixed": "2021.10.8"
        }
    ]
}
Type
GIT
Repo
https://github.com/aimeos/ai-controller-frontend
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
e663f813f311c5af60d67510714c27795a1d043d
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2020.10.15"
        }
    ]
}

Affected versions

2016.*

2016.07.1

2017.*

2017.01.1
2017.07.1

2018.*

2018.01.1

2019.*

2019.04.1

2020.*

2020.10.1
2020.10.10
2020.10.11
2020.10.12
2020.10.13
2020.10.14
2020.10.2
2020.10.3
2020.10.4
2020.10.5
2020.10.6
2020.10.7
2020.10.8
2020.10.9

2024.*

2024.04.1