GHSA-xjm6-jfmg-qc6p
Suggest an improvement- Source
- https://github.com/advisories/GHSA-xjm6-jfmg-qc6p
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-xjm6-jfmg-qc6p/GHSA-xjm6-jfmg-qc6p.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-xjm6-jfmg-qc6p
- Aliases
-
- CVE-2024-37294
- Published
- 2024-05-29T14:38:11Z
- Modified
- 2024-06-11T21:14:02.207949Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H CVSS Calculator
- Summary
- Aimeos denial of service vulnerability in SaaS and marketplace setups
- Details
-
Impact
All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack
Patches
Upgrade to the latest 2022.10 LTS, 2023.10 LTS and 2024.04.7 version of the aimeos/aimeos-core package
- Database specific
{ "nvd_published_at": "2024-06-11T15:16:09Z", "cwe_ids": [ "CWE-270" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-05-29T14:38:11Z" }- References
-
- https://github.com/aimeos/aimeos-core/security/advisories/GHSA-xjm6-jfmg-qc6p
- https://nvd.nist.gov/vuln/detail/CVE-2024-37294
- https://github.com/aimeos/aimeos-core/commit/66edb06a53e51d90e075aad1932811c53c40af6f
- https://github.com/aimeos/aimeos-core/commit/69e2ea127c4e2fd2e756a80a16442bea0351a461
- https://github.com/aimeos/aimeos-core/commit/e933345915fc0cfafc6a011b853bc0228a61a45f
- https://github.com/aimeos/aimeos-core
- https://github.com/aimeos/aimeos-core/compare/2022.10.16...2022.10.17
- https://github.com/aimeos/aimeos-core/compare/2023.10.16...2023.10.17
- https://github.com/aimeos/aimeos-core/compare/2024.04.6...2024.04.7
Affected packages
Packagist / aimeos/aimeos-core
Package
- Name
- aimeos/aimeos-core
- Purl
- pkg:composer/aimeos/aimeos-core
Packagist / aimeos/aimeos-core
Package
- Name
- aimeos/aimeos-core
- Purl
- pkg:composer/aimeos/aimeos-core
Packagist / aimeos/aimeos-core
Package
- Name
- aimeos/aimeos-core
- Purl
- pkg:composer/aimeos/aimeos-core
Affected versions
2022.*
2022.04.1
2022.04.2
2022.04.3
2022.04.4
2022.04.5
2022.04.6
2022.04.7
2022.04.8
2022.04.9
2022.04.10
2022.07.1
2022.07.2
2022.07.3
2022.07.4
2022.07.5
2022.07.6
2022.07.7
2022.07.8
2022.10.1
2022.10.2
2022.10.3
2022.10.4
2022.10.5
2022.10.6
2022.10.7
2022.10.8
2022.10.9
2022.10.10
2022.10.11
2022.10.12
2022.10.13
2022.10.14
2022.10.15
2022.10.16