5.3
CVE-2024-39325
- EPSS 0.67%
- Published 02.07.2024 21:15:11
- Last modified 21.11.2024 09:27:28
- Source security-advisories@github.com
aimeos/ai-controller-frontend is the Aimeos frontend controller. Prior to versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, aimeos/ai-controller-frontend doesn't reset the payment status of a user's basket after the user completes a purchase. Versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue.
Data is provided by the National Vulnerability Database (NVD)
Aimeos ≫ Aimeos Frontend Controller Version < 2020.10.15
Aimeos ≫ Aimeos Frontend Controller Version >= 2021.04.1 < 2021.10.8
Aimeos ≫ Aimeos Frontend Controller Version >= 2022.04.1 < 2022.10.8
Aimeos ≫ Aimeos Frontend Controller Version >= 2023.04.1 < 2023.10.9
Aimeos ≫ Aimeos Frontend Controller Version 2024.04.1
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.67% | 0.703 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 5.3 | 3.9 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
security-advisories@github.com | 5.3 | 3.9 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
CWE-841 Improper Enforcement of Behavioral Workflow
The product supports a session in which more than one behavior must be performed by an actor, but it does not properly ensure that the actor performs the behaviors in the required sequence.