Medium severity5.5NVD Advisory· Published Jun 11, 2024· Updated Apr 15, 2026
CVE-2024-37294
CVE-2024-37294
Description
Aimeos is an Open Source e-commerce framework for online shops. All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack. Users should upgrade to versions 2022.10.17, 2023.10.17, or 2024.04 of the aimeos/aimeos-core package to receive a patch.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
aimeos/aimeos-corePackagist | >= 2024.04.1, < 2024.04.7 | 2024.04.7 |
aimeos/aimeos-corePackagist | >= 2023.04.1, < 2023.10.17 | 2023.10.17 |
aimeos/aimeos-corePackagist | >= 2022.04.1, < 2022.10.17 | 2022.10.17 |
Patches
466edb06a53e5Fixed checks for saving and retrieving locale items
2 files changed · +5 −5
setup/MShopAddLocaleData.php+2 −2 modified@@ -165,9 +165,9 @@ protected function addLocaleData( \Aimeos\MShop\Common\Manager\Iface $localeMana throw new \RuntimeException( sprintf( 'No ID for site for key "%1$s" found', $dataset['site'] ) ); } + $this->context()->setLocale( $localeManager->create()->setSiteId( $siteIds[$dataset['site']]['site'] ) ); $item = $localeManager->create()->fromArray( $dataset, true ) - ->set( 'site_id', $siteIds[$dataset['site']]['id'] ) - ->setSiteId( $siteIds[$dataset['site']]['site'] ); + ->set( 'site_id', $siteIds[$dataset['site']]['id'] ); try { $localeManager->save( $item );
src/MShop/Locale/Manager/Standard.php+3 −3 modified@@ -314,8 +314,8 @@ public function get( string $id, array $ref = [], ?bool $default = false ) : \Ai public function search( \Aimeos\Base\Criteria\Iface $search, array $ref = [], int &$total = null ) : \Aimeos\Map { $items = []; -// $level = \Aimeos\MShop\Locale\Manager\Base::SITE_PATH; -// $search = (clone $search)->add( $this->siteCondition( 'locale.siteid', $level ) ); + $level = \Aimeos\MShop\Locale\Manager\Base::SITE_PATH; + $search = (clone $search)->add( $this->siteCondition( 'locale.siteid', $level ) ); foreach( $this->searchEntries( $search, $ref, $total ) as $row ) { @@ -484,7 +484,7 @@ public function saveItem( \Aimeos\MShop\Locale\Item\Iface $item, bool $fetch = t $stmt->bind( $idx++, $date ); // mtime $stmt->bind( $idx++, $context->editor() ); $stmt->bind( $idx++, $item->get( 'site_id' ), \Aimeos\Base\DB\Statement\Base::PARAM_INT ); - $stmt->bind( $idx++, $item->getSiteId() ); + $stmt->bind( $idx++, $context->locale()->getSiteId() ); if( $id !== null ) { $stmt->bind( $idx++, $id, \Aimeos\Base\DB\Statement\Base::PARAM_INT );
e933345915fcFixed checks for saving and retrieving locale items
2 files changed · +5 −5
setup/MShopAddLocaleData.php+2 −2 modified@@ -152,8 +152,8 @@ protected function addLocaleData( \Aimeos\MShop\Common\Manager\Iface $localeMana throw new \RuntimeException( sprintf( 'No ID for site for key "%1$s" found', $dataset['site'] ) ); } - $item = $localeManager->create()->fromArray( $dataset, true ) - ->setSiteId( $siteIds[$dataset['site']]['site'] ); + $this->context()->setLocale( $localeManager->create()->setSiteId( $siteIds[$dataset['site']]['site'] ) ); + $item = $localeManager->create()->fromArray( $dataset, true ); try { $localeManager->save( $item );
src/MShop/Locale/Manager/Standard.php+3 −3 modified@@ -313,8 +313,8 @@ public function get( string $id, array $ref = [], ?bool $default = false ) : \Ai public function search( \Aimeos\Base\Criteria\Iface $search, array $ref = [], int &$total = null ) : \Aimeos\Map { $items = []; -// $level = \Aimeos\MShop\Locale\Manager\Base::SITE_PATH; -// $search = (clone $search)->add( $this->siteCondition( 'locale.siteid', $level ) ); + $level = \Aimeos\MShop\Locale\Manager\Base::SITE_PATH; + $search = (clone $search)->add( $this->siteCondition( 'locale.siteid', $level ) ); foreach( $this->searchEntries( $search, $ref, $total ) as $row ) { @@ -484,7 +484,7 @@ protected function saveItem( \Aimeos\MShop\Locale\Item\Iface $item, bool $fetch $stmt->bind( $idx++, $date ); // mtime $stmt->bind( $idx++, $context->editor() ); $stmt->bind( $idx++, end( $siteIds ), \Aimeos\Base\DB\Statement\Base::PARAM_INT ); - $stmt->bind( $idx++, $item->getSiteId() ); + $stmt->bind( $idx++, $context->locale()->getSiteId() ); if( $id !== null ) { $stmt->bind( $idx++, $id, \Aimeos\Base\DB\Statement\Base::PARAM_INT );
a9c472c1a3e469e2ea127c4eFixed checks for saving and retrieving locale items
2 files changed · +5 −5
setup/MShopAddLocaleData.php+2 −2 modified@@ -164,8 +164,8 @@ protected function addLocaleData( \Aimeos\MShop\Common\Manager\Iface $localeMana throw new \RuntimeException( sprintf( 'No ID for site for key "%1$s" found', $dataset['site'] ) ); } - $item = $localeManager->create()->fromArray( $dataset, true ) - ->setSiteId( $siteIds[$dataset['site']]['site'] ); + $this->context()->setLocale( $localeManager->create()->setSiteId( $siteIds[$dataset['site']]['site'] ) ); + $item = $localeManager->create()->fromArray( $dataset, true ); try { $localeManager->save( $item );
src/MShop/Locale/Manager/Standard.php+3 −3 modified@@ -313,8 +313,8 @@ public function get( string $id, array $ref = [], ?bool $default = false ) : \Ai public function search( \Aimeos\Base\Criteria\Iface $search, array $ref = [], int &$total = null ) : \Aimeos\Map { $items = []; -// $level = \Aimeos\MShop\Locale\Manager\Base::SITE_PATH; -// $search = (clone $search)->add( $this->siteCondition( 'locale.siteid', $level ) ); + $level = \Aimeos\MShop\Locale\Manager\Base::SITE_PATH; + $search = (clone $search)->add( $this->siteCondition( 'locale.siteid', $level ) ); foreach( $this->searchEntries( $search, $ref, $total ) as $row ) { @@ -484,7 +484,7 @@ protected function saveItem( \Aimeos\MShop\Locale\Item\Iface $item, bool $fetch $stmt->bind( $idx++, $date ); // mtime $stmt->bind( $idx++, $context->editor() ); $stmt->bind( $idx++, end( $siteIds ), \Aimeos\Base\DB\Statement\Base::PARAM_INT ); - $stmt->bind( $idx++, $item->getSiteId() ); + $stmt->bind( $idx++, $context->locale()->getSiteId() ); if( $id !== null ) { $stmt->bind( $idx++, $id, \Aimeos\Base\DB\Statement\Base::PARAM_INT );
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
9- github.com/advisories/GHSA-xjm6-jfmg-qc6pghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-37294ghsaADVISORY
- github.com/aimeos/aimeos-core/commit/66edb06a53e51d90e075aad1932811c53c40af6fghsaWEB
- github.com/aimeos/aimeos-core/commit/69e2ea127c4e2fd2e756a80a16442bea0351a461ghsaWEB
- github.com/aimeos/aimeos-core/commit/e933345915fc0cfafc6a011b853bc0228a61a45fghsaWEB
- github.com/aimeos/aimeos-core/compare/2022.10.16...2022.10.17ghsaWEB
- github.com/aimeos/aimeos-core/compare/2023.10.16...2023.10.17ghsaWEB
- github.com/aimeos/aimeos-core/compare/2024.04.6...2024.04.7ghsaWEB
- github.com/aimeos/aimeos-core/security/advisories/GHSA-xjm6-jfmg-qc6pnvdWEB
News mentions
0No linked articles in our index yet.