GHSA-qxgx-hvg3-v92w

Source

https://github.com/advisories/GHSA-qxgx-hvg3-v92w

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-qxgx-hvg3-v92w/GHSA-qxgx-hvg3-v92w.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-qxgx-hvg3-v92w

Aliases

CVE-2024-47173

Published

2024-10-24T17:48:40Z

Modified

2024-10-24T22:06:36.312546Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H CVSS Calculator

Summary

ai-admin-graphql has a Denial of service vulnerability in SaaS and marketplace setups

Details

All SaaS and marketplace setups using Aimeos version from 2024.04 up to 2024.07.1 are affected by a potential denial of service attack

Database specific

{
    "nvd_published_at": "2024-10-24T19:15:14Z",
    "cwe_ids": [
        "CWE-270"
    ],
    "github_reviewed_at": "2024-10-24T17:48:40Z",
    "severity": "MODERATE",
    "github_reviewed": true
}

References

Affected packages

Packagist / aimeos/ai-admin-graphql

Package

Name: aimeos/ai-admin-graphql
Purl: pkg:composer/aimeos/ai-admin-graphql

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2024.04.1

Fixed

2024.07.2

Affected versions

2024.*

2024.04.1

2024.04.2

2024.04.3

2024.04.4

2024.04.5

2024.04.6

2024.04.7

2024.07.1