CVE-2024-39325

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-39325

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-39325.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-39325

Aliases

GHSA-m9gv-6p22-qgmj

Published

2024-07-02T21:15:11Z

Modified

2024-10-15T16:45:26.282349Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

aimeos/ai-controller-frontend is the Aimeos frontend controller. Prior to versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, aimeos/ai-controller-frontend doesn't reset the payment status of a user's basket after the user completes a purchase. Versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue.

References

Affected packages

Git / github.com/aimeos/ai-controller-frontend

Affected ranges

Type: GIT
Repo: https://github.com/aimeos/ai-controller-frontend
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

16b8837d2466e3665b3c826ce87934b01a847268

Fixed

24a57001e56759d1582d2a0080fc1ca3ba328630

Fixed

28549808e0f6432a34cd3fb95556deeb86ca276d

Fixed

b1960c0b6e5ee93111a5360c9ce949b3e7528cf7

Fixed

dafa072783bb692f111ed092d9d2932c113eb855

Affected versions

2016.*

2016.07.1

2017.*

2017.01.1

2017.07.1

2018.*

2018.01.1

2019.*

2019.04.1

2020.*

2020.10.1

2020.10.10

2020.10.11

2020.10.12

2020.10.13

2020.10.14

2020.10.2

2020.10.3

2020.10.4

2020.10.5

2020.10.6

2020.10.7

2020.10.8

2020.10.9

2021.*

2021.10.1

2021.10.2

2021.10.3

2021.10.4

2021.10.5

2021.10.6

2021.10.7

2022.*

2022.10.1

2022.10.2

2022.10.3

2022.10.4

2022.10.5

2022.10.6

2022.10.7

2023.*

2023.10.1

2023.10.2

2023.10.3

2023.10.4

2023.10.5

2023.10.6

2023.10.7

2023.10.8

2024.*

2024.04.1