CVE-2024-37296
Description
The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Starting in version 2020.04.1 and prior to versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5, digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn't succeed. Versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5 fix this issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| aimeos/ai-client-html (Packagist) | >= 2024.04.1, < 2024.04.5 | 2024.04.5 |
| aimeos/ai-client-html (Packagist) | >= 2023.04.1, < 2023.10.14 | 2023.10.14 |
| aimeos/ai-client-html (Packagist) | >= 2022.04.1, < 2022.10.12 | 2022.10.12 |
| aimeos/ai-client-html (Packagist) | >= 2021.04.1, < 2021.10.21 | 2021.10.21 |
| aimeos/ai-client-html (Packagist) | >= 2020.04.1, < 2020.10.27 | 2020.10.27 |
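To check an installation against the ranges in the table above, the following added example (not part of the advisory or of Aimeos) reads a `composer.lock` and reports whether the locked `aimeos/ai-client-html` version is affected. The sample lock content is constructed, and versions outside the listed ranges are reported as not affected because the table lists none.

```python
import json

PACKAGE = "aimeos/ai-client-html"

# (first affected, first patched) per release line, copied from the table above.
AFFECTED = [
    ("2020.04.1", "2020.10.27"),
    ("2021.04.1", "2021.10.21"),
    ("2022.04.1", "2022.10.12"),
    ("2023.04.1", "2023.10.14"),
    ("2024.04.1", "2024.04.5"),
]

# Constructed sample: a minimal composer.lock pinning a version inside a range.
SAMPLE_LOCK = json.dumps({
    "packages": [{"name": "aimeos/ai-client-html", "version": "2023.10.9"}],
    "packages-dev": [],
})


def parse_version(text):
    """'2023.10.9' or 'v2023.10.9' -> (2023, 10, 9); None if not purely numeric."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        return None  # e.g. 'dev-master' or '2024.04.x-dev' cannot be range-checked
    nums = [int(p) for p in parts[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def check_lock(lock_text):
    """Return (status, locked_version, fixed_in); status: absent/unknown/affected/not-affected."""
    lock = json.loads(lock_text)
    packages = (lock.get("packages") or []) + (lock.get("packages-dev") or [])
    for pkg in packages:
        if pkg.get("name", "").lower() != PACKAGE:
            continue
        raw = pkg.get("version", "")
        version = parse_version(raw)
        if version is None:
            return ("unknown", raw, None)  # dev branch or alias: inspect manually
        for first, patched in AFFECTED:
            if parse_version(first) <= version < parse_version(patched):
                return ("affected", raw, patched)
        return ("not-affected", raw, None)
    return ("absent", None, None)


if __name__ == "__main__":
    print(check_lock(SAMPLE_LOCK))
```

An `unknown` result means the lock file pins a branch or alias rather than a tagged release, so the installed commit has to be compared with the fix commits by hand.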
Patches
5a7249769142 Check for payment status on downloads
1 file changed · +1 −0
client/html/src/Client/Html/Account/Download/Standard.php+1 −0 modified@@ -288,6 +288,7 @@ protected function checkAccess( string $id = null ) : bool $search = $manager->createSearch(); $expr = array( + $search->compare( '>=', 'order.statuspayment', \Aimeos\MShop\Order\Item\Base::PAY_RECEIVED ), $search->compare( '==', 'order.base.customerid', $customerId ), $search->compare( '==', 'order.base.product.attribute.id', $id ), );
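Review bot: The added `order.statuspayment` condition in `checkAccess()` compares with `>=` against `PAY_RECEIVED`, so it is only correct if every status ordered at or above `PAY_RECEIVED` means the payment has arrived and every state in which it has not sorts below that constant. State that assumption in a one-line comment above the `compare()` call, or use `==` if only received payments are meant to unlock the download.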
7f01d2f4fbc6 Check for payment status on downloads
1 file changed · +1 −0
client/html/src/Client/Html/Account/Download/Standard.php+1 −0 modified@@ -288,6 +288,7 @@ protected function checkAccess( string $id = null ) : bool $search = $manager->filter(); $expr = array( + $search->compare( '>=', 'order.statuspayment', \Aimeos\MShop\Order\Item\Base::PAY_RECEIVED ), $search->compare( '==', 'order.base.customerid', $customerId ), $search->compare( '==', 'order.base.product.attribute.id', $id ), );
fc611ff9a57e Check for payment status on downloads
1 file changed · +2 −1
src/Client/Html/Account/Download/Standard.php+2 −1 modified@@ -183,10 +183,11 @@ protected function checkAccess( string $id = null ) : bool if( ( $customerId = $context->user() ) !== null && $id !== null ) { - $manager = \Aimeos\MShop::create( $context, 'order/base' ); + $manager = \Aimeos\MShop::create( $context, 'order' ); $search = $manager->filter(); $expr = array( + $search->compare( '>=', 'order.statuspayment', \Aimeos\MShop\Order\Item\Base::PAY_RECEIVED ), $search->compare( '==', 'order.base.customerid', $customerId ), $search->compare( '==', 'order.base.product.attribute.id', $id ), );
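Review bot: The manager switches from `'order/base'` to `'order'`, but the two unchanged conditions still search on `order.base.customerid` and `order.base.product.attribute.id`. Please confirm that the `order` manager's filter resolves those `order.base.*` keys together with `order.statuspayment`, since a key it does not know would break the access check for every download. A sentence in the commit message on why this branch needs the manager change, when the other backports do not, would help whoever reviews the next backport.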
6460ffe8f492 Check for payment status on downloads
1 file changed · +1 −0
src/Client/Html/Account/Download/Standard.php+1 −0 modified@@ -187,6 +187,7 @@ protected function checkAccess( string $id = null ) : bool $search = $manager->filter(); $expr = array( + $search->compare( '>=', 'order.statuspayment', \Aimeos\MShop\Order\Item\Base::PAY_RECEIVED ), $search->compare( '==', 'order.customerid', $customerId ), $search->compare( '==', 'order.product.attribute.id', $id ), );
12d8aad1a373 Check for payment status on downloads
1 file changed · +1 −0
src/Client/Html/Account/Download/Standard.php+1 −0 modified@@ -187,6 +187,7 @@ protected function checkAccess( string $id = null ) : bool $search = $manager->filter(); $expr = array( + $search->compare( '>=', 'order.statuspayment', \Aimeos\MShop\Order\Item\Base::PAY_RECEIVED ), $search->compare( '==', 'order.customerid', $customerId ), $search->compare( '==', 'order.product.attribute.id', $id ), );
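Review bot: No test accompanies the new `order.statuspayment` condition in `checkAccess()`; the commit is `1 file changed · +1 −0`. Add a case to the download client's tests in which the customer owns an order containing the attribute but its payment status is below `PAY_RECEIVED`, and assert that access is denied, so a later refactor of the `$expr` array cannot silently drop the check.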
References
- github.com/advisories/GHSA-v4g2-cm5v-cxv7 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-37296 (ghsa, ADVISORY)
- github.com/aimeos/ai-client-html/commit/12d8aad1a373bf9d350872501adec3e222164f83 (nvd, WEB)
- github.com/aimeos/ai-client-html/commit/5a7249769142b3ce70959ab1fb70c7e7c251e214 (nvd, WEB)
- github.com/aimeos/ai-client-html/commit/6460ffe8f4929d864164aa96c5b49eca5326d975 (nvd, WEB)
- github.com/aimeos/ai-client-html/commit/7f01d2f4fbc67f5231fd84adeb835d28252b8409 (nvd, WEB)
- github.com/aimeos/ai-client-html/commit/fc611ff9a57e421d0ad9d99346b561cea515c5f0 (nvd, WEB)
- github.com/aimeos/ai-client-html/security/advisories/GHSA-v4g2-cm5v-cxv7 (nvd, WEB)