GHSA-rw3j-574h-mrcq
Suggest an improvement- Source
- https://github.com/advisories/GHSA-rw3j-574h-mrcq
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-rw3j-574h-mrcq/GHSA-rw3j-574h-mrcq.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-rw3j-574h-mrcq
- Aliases
- Published
- 2024-09-26T17:38:30Z
- Modified
- 2025-03-05T15:54:39.454701Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- IDOR vulnerability in account profile page
- Details
-
Impact
Insecure direct object reference allowing an attacker to disable subscriptions and reviews of another customer
- Database specific
{ "severity": "MODERATE", "nvd_published_at": "2024-09-26T16:15:07Z", "github_reviewed_at": "2024-09-26T17:38:30Z", "github_reviewed": true, "cwe_ids": [ "CWE-639" ] }- References
-
- https://github.com/aimeos/ai-controller-frontend/security/advisories/GHSA-rw3j-574h-mrcq
- https://nvd.nist.gov/vuln/detail/CVE-2024-39319
- https://github.com/aimeos/ai-controller-frontend/commit/2ad5c062a629af374da470a319914c321c9bfee2
- https://github.com/aimeos/ai-controller-frontend/commit/53eebdc51fae34440dfd768a7811c169c7779aa9
- https://github.com/aimeos/ai-controller-frontend/commit/5833db6d18a889b94dc036dfb84b6f5cca73fbac
- https://github.com/aimeos/ai-controller-frontend/commit/6ea6b82f5a1fc18c574cb6f97225930d139b14a5
- https://github.com/aimeos/ai-controller-frontend/commit/700da5ea2b622724b68c8684346bf74ac3bbca9b
- https://github.com/aimeos/ai-controller-frontend/commit/7c93139f86eff9ec26b117a8918e06ce6cc0000f
- https://github.com/aimeos/ai-controller-frontend/commit/ae7baa3f2fbf594c2c1e4b1aae83364a84b241a6
- https://github.com/aimeos/ai-controller-frontend/commit/cd8c95aa4663f54bd66a69c5952f2e42405426f3
- https://github.com/aimeos/ai-controller-frontend/commit/d4eac06f3a25330c089d8be4397f2ab1936dd9bb
- https://github.com/aimeos/ai-controller-frontend/commit/f7c6a9ce2a6f5a9ad4af31313508870a78398f85
- https://github.com/aimeos/ai-controller-frontend
Affected packages
Packagist
aimeos/ai-controller-frontend
aimeos/ai-controller-frontend
aimeos/ai-controller-frontend
Package
- Name
- aimeos/ai-controller-frontend
- Purl
- pkg:composer/aimeos/ai-controller-frontend
aimeos/ai-controller-frontend
Package
- Name
- aimeos/ai-controller-frontend
- Purl
- pkg:composer/aimeos/ai-controller-frontend
aimeos/ai-controller-frontend
Package
- Name
- aimeos/ai-controller-frontend
- Purl
- pkg:composer/aimeos/ai-controller-frontend
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2020.10.15
Affected versions
2016.*
2016.07.1
2016.07.2
2016.07.3
2016.10.1
2016.10.2
2016.10.3
2016.10.4
2016.10.5
2016.10.6
2017.*
2017.01.1
2017.01.2
2017.04.1
2017.04.2
2017.04.3
2017.04.4
2017.04.5
2017.04.6
2017.04.7
2017.07.1
2017.07.2
2017.07.3
2017.10.1
2017.10.2
2017.10.3
2017.10.4
2017.10.5
2018.*
2018.01.1
2018.01.2
2018.04.1
2018.04.2
2018.04.3
2018.07.1
2018.07.2
2018.07.3
2018.07.4
2018.07.5
2018.07.6
2018.10.1
2018.10.2
2018.10.3
2018.10.4
2018.10.5
2018.10.6
2018.10.7
2018.10.8
2018.10.9
2019.*
2019.01.1
2019.01.2
2019.04.1
2019.04.2
2019.04.3
2019.04.4
2019.04.5
2019.07.1
2019.07.2
2019.07.3
2019.07.4
2019.07.5
2019.10.1
2019.10.2
2019.10.3
2019.10.4
2019.10.5
2019.10.6
2019.10.7
2019.10.8
2019.10.9
2019.10.10
2019.10.11
2019.10.12
2019.10.13
2019.10.14
2019.10.15
2019.10.16
2020.*
2020.01.1
2020.01.2
2020.04.1
2020.07.1
2020.07.2
2020.10.1
2020.10.2
2020.10.3
2020.10.4
2020.10.5
2020.10.6
2020.10.7
2020.10.8
2020.10.9
2020.10.10
2020.10.11
2020.10.12
2020.10.13
2020.10.14