← Back

CVE-2024-39319

nvd nist
Published: Sep 26, 2024Modified: Mar 5, 2025

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another customer. Versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue.

Affected (5)

Aimeos
1 product
Aimeos Frontend Controller
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Aimeos
Aimeos Frontend Controller
Before 2020.10.15
Aimeos Frontend Controller
From 2021.04.1 to 2021.10.8
Aimeos Frontend Controller
From 2022.04.1 to 2022.10.8
Aimeos Frontend Controller
From 2023.04.1 to 2023.10.9
Aimeos Frontend Controller
Version 2024.04.1

Related CWEs

CWE-639
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (11)

Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Vendor Advisory

Timeline

No history available yet.