Medium severity5.3OSV Advisory· Published Jun 11, 2024· Updated Apr 15, 2026
CVE-2024-37296
CVE-2024-37296
Description
The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Starting in version 2020.04.1 and prior to versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5, digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn't succeed. Versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5 fix this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
aimeos/ai-client-htmlPackagist | >= 2024.04.1, < 2024.04.5 | 2024.04.5 |
aimeos/ai-client-htmlPackagist | >= 2023.04.1, < 2023.10.14 | 2023.10.14 |
aimeos/ai-client-htmlPackagist | >= 2022.04.1, < 2022.10.12 | 2022.10.12 |
aimeos/ai-client-htmlPackagist | >= 2021.04.1, < 2021.10.21 | 2021.10.21 |
aimeos/ai-client-htmlPackagist | >= 2020.04.1, < 2020.10.27 | 2020.10.27 |
Affected products
2- Range: 2016.07.1, 2017.01.1, 2017.07.1, …
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-v4g2-cm5v-cxv7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-37296ghsaADVISORY
- github.com/aimeos/ai-client-html/commit/12d8aad1a373bf9d350872501adec3e222164f83nvdWEB
- github.com/aimeos/ai-client-html/commit/5a7249769142b3ce70959ab1fb70c7e7c251e214nvdWEB
- github.com/aimeos/ai-client-html/commit/6460ffe8f4929d864164aa96c5b49eca5326d975nvdWEB
- github.com/aimeos/ai-client-html/commit/7f01d2f4fbc67f5231fd84adeb835d28252b8409nvdWEB
- github.com/aimeos/ai-client-html/commit/fc611ff9a57e421d0ad9d99346b561cea515c5f0nvdWEB
- github.com/aimeos/ai-client-html/security/advisories/GHSA-v4g2-cm5v-cxv7nvdWEB
News mentions
0No linked articles in our index yet.