GHSA-ppm5-jv84-2xg2

Source
https://github.com/advisories/GHSA-ppm5-jv84-2xg2
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-ppm5-jv84-2xg2/GHSA-ppm5-jv84-2xg2.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-ppm5-jv84-2xg2
Aliases
Published
2024-06-25T17:26:56Z
Modified
2024-06-25T22:40:46.383428Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Aimeos HTML client may potentially reveal sensitive information in error log
Details

Impact

Debug information can reveal sensitive information from environment variables in the error log.

Affected platform

Laravel environments with multi-vendor setups and admin access for the vendors

Database specific
{
    "nvd_published_at": "2024-06-25T21:15:59Z",
    "cwe_ids": [
        "CWE-1295"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-06-25T17:26:56Z"
}
References

Affected packages

Packagist / aimeos/ai-client-html

Package

Name
aimeos/ai-client-html
Purl
pkg:composer/aimeos/ai-client-html

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2024.04.1
Fixed
2024.04.7

Affected versions

2024.*

2024.04.1
2024.04.2
2024.04.3
2024.04.4
2024.04.5
2024.04.6

Packagist / aimeos/ai-client-html

Package

Name
aimeos/ai-client-html
Purl
pkg:composer/aimeos/ai-client-html

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2023.04.1
Fixed
2023.10.15

Affected versions

2023.*

2023.04.1
2023.04.2
2023.04.3
2023.04.4
2023.07.1
2023.07.2
2023.07.3
2023.07.4
2023.07.5
2023.07.6
2023.10.1
2023.10.2
2023.10.3
2023.10.4
2023.10.5
2023.10.6
2023.10.7
2023.10.8
2023.10.9
2023.10.10
2023.10.11
2023.10.12
2023.10.13
2023.10.14

Packagist / aimeos/ai-client-html

Package

Name
aimeos/ai-client-html
Purl
pkg:composer/aimeos/ai-client-html

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2022.04.1
Fixed
2022.10.13

Affected versions

2022.*

2022.04.1
2022.04.2
2022.04.3
2022.04.4
2022.04.5
2022.04.6
2022.04.7
2022.04.8
2022.04.9
2022.04.10
2022.04.11
2022.04.12
2022.04.13
2022.04.14
2022.04.15
2022.07.1
2022.07.2
2022.07.3
2022.07.4
2022.10.1
2022.10.2
2022.10.3
2022.10.4
2022.10.5
2022.10.6
2022.10.7
2022.10.8
2022.10.9
2022.10.10
2022.10.11
2022.10.12

Packagist / aimeos/ai-client-html

Package

Name
aimeos/ai-client-html
Purl
pkg:composer/aimeos/ai-client-html

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2021.10.1
Fixed
2021.10.22

Affected versions

2021.*

2021.10.1
2021.10.2
2021.10.3
2021.10.4
2021.10.5
2021.10.6
2021.10.7
2021.10.8
2021.10.9
2021.10.10
2021.10.11
2021.10.12
2021.10.13
2021.10.14
2021.10.15
2021.10.16
2021.10.17
2021.10.18
2021.10.19
2021.10.20
2021.10.21