mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
136 lines
5.6 KiB
JSON
136 lines
5.6 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-37296",
|
|
"ASSIGNER": "security-advisories@github.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Starting in version 2020.04.1 and prior to versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5, digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn't succeed. Versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5 fix this issue."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-841: Improper Enforcement of Behavioral Workflow",
|
|
"cweId": "CWE-841"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-862: Missing Authorization",
|
|
"cweId": "CWE-862"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "aimeos",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "ai-client-html",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": ">= 2024.04.1, < 2024.04.5"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": ">= 2023.04.1, < 2023.10.14"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": ">= 2022.04.1, < 2022.10.12"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": ">= 2021.04.1, < 2021.10.21"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": ">= 2020.04.1, < 2020.10.27"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://github.com/aimeos/ai-client-html/security/advisories/GHSA-v4g2-cm5v-cxv7",
|
|
"refsource": "MISC",
|
|
"name": "https://github.com/aimeos/ai-client-html/security/advisories/GHSA-v4g2-cm5v-cxv7"
|
|
},
|
|
{
|
|
"url": "https://github.com/aimeos/ai-client-html/commit/12d8aad1a373bf9d350872501adec3e222164f83",
|
|
"refsource": "MISC",
|
|
"name": "https://github.com/aimeos/ai-client-html/commit/12d8aad1a373bf9d350872501adec3e222164f83"
|
|
},
|
|
{
|
|
"url": "https://github.com/aimeos/ai-client-html/commit/5a7249769142b3ce70959ab1fb70c7e7c251e214",
|
|
"refsource": "MISC",
|
|
"name": "https://github.com/aimeos/ai-client-html/commit/5a7249769142b3ce70959ab1fb70c7e7c251e214"
|
|
},
|
|
{
|
|
"url": "https://github.com/aimeos/ai-client-html/commit/6460ffe8f4929d864164aa96c5b49eca5326d975",
|
|
"refsource": "MISC",
|
|
"name": "https://github.com/aimeos/ai-client-html/commit/6460ffe8f4929d864164aa96c5b49eca5326d975"
|
|
},
|
|
{
|
|
"url": "https://github.com/aimeos/ai-client-html/commit/7f01d2f4fbc67f5231fd84adeb835d28252b8409",
|
|
"refsource": "MISC",
|
|
"name": "https://github.com/aimeos/ai-client-html/commit/7f01d2f4fbc67f5231fd84adeb835d28252b8409"
|
|
},
|
|
{
|
|
"url": "https://github.com/aimeos/ai-client-html/commit/fc611ff9a57e421d0ad9d99346b561cea515c5f0",
|
|
"refsource": "MISC",
|
|
"name": "https://github.com/aimeos/ai-client-html/commit/fc611ff9a57e421d0ad9d99346b561cea515c5f0"
|
|
}
|
|
]
|
|
},
|
|
"source": {
|
|
"advisory": "GHSA-v4g2-cm5v-cxv7",
|
|
"discovery": "UNKNOWN"
|
|
},
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 5.3,
|
|
"baseSeverity": "MEDIUM",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "NONE",
|
|
"privilegesRequired": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
|
|
"version": "3.1"
|
|
}
|
|
]
|
|
}
|
|
} |