CVE-2024-50654

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-50654
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-50654.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-50654
Published
2024-11-15T17:15:20.507Z
Modified
2026-04-10T05:19:35.888181Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

lilishop <=4.2.4 is vulnerable to Incorrect Access Control, which can allow attackers to obtain coupons beyond the quantity limit by capturing and sending the data packets for coupon collection in high concurrency.

References

Affected packages

Git / github.com/lilishop/lilishop

Affected ranges

Type
GIT
Repo
https://github.com/lilishop/lilishop
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9616c27efa143b736c741ea9e19a707f8132dc32
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.2.4"
        }
    ]
}

Affected versions

v4.*
v4.2.1
v4.2.2
v4.2.4

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-50654.json"