Medium severity5.5OSV Advisory· Published Jun 11, 2024· Updated Apr 15, 2026
CVE-2024-37294
CVE-2024-37294
Description
Aimeos is an Open Source e-commerce framework for online shops. All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack. Users should upgrade to versions 2022.10.17, 2023.10.17, or 2024.04 of the aimeos/aimeos-core package to receive a patch.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
aimeos/aimeos-corePackagist | >= 2024.04.1, < 2024.04.7 | 2024.04.7 |
aimeos/aimeos-corePackagist | >= 2023.04.1, < 2023.10.17 | 2023.10.17 |
aimeos/aimeos-corePackagist | >= 2022.04.1, < 2022.10.17 | 2022.10.17 |
Affected products
2- Range: 2024.04.1, 2024.04.2, 2024.04.3, …
Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-xjm6-jfmg-qc6pghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-37294ghsaADVISORY
- github.com/aimeos/aimeos-core/commit/66edb06a53e51d90e075aad1932811c53c40af6fghsaWEB
- github.com/aimeos/aimeos-core/commit/69e2ea127c4e2fd2e756a80a16442bea0351a461ghsaWEB
- github.com/aimeos/aimeos-core/commit/e933345915fc0cfafc6a011b853bc0228a61a45fghsaWEB
- github.com/aimeos/aimeos-core/compare/2022.10.16...2022.10.17ghsaWEB
- github.com/aimeos/aimeos-core/compare/2023.10.16...2023.10.17ghsaWEB
- github.com/aimeos/aimeos-core/compare/2024.04.6...2024.04.7ghsaWEB
- github.com/aimeos/aimeos-core/security/advisories/GHSA-xjm6-jfmg-qc6pnvdWEB
News mentions
0No linked articles in our index yet.