High severity 8.8 · NVD Advisory · Published Jun 25, 2024 · Updated Apr 15, 2026
CVE-2024-38516
Description
ai-client-html is an Aimeos e-commerce HTML client component. Debug information written to the error log revealed sensitive information from environment variables. This issue has been patched in versions 2024.04.7, 2023.10.15, 2022.10.13 and 2021.10.22.
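An added example (not part of the advisory or the Aimeos code base): a log triage helper that finds entries written by the removed log call and lists which cookie and `$_SERVER` key names were dumped, so the affected secrets can be rotated. The marker strings come from the patch on this page; the sample log, its key names and the `SENSITIVE` name pattern are constructed assumptions, and the parser assumes PHP's `print_r()` array layout reaches the log unmodified.

```python
import re

MARKER = "Lost session at confirmation page"    # text of the removed log call
SECTION = re.compile(r"^\$_(COOKIE|SERVER): ")  # section prefixes of that call
TOP_KEY = re.compile(r"^ {4}\[(.+?)\] => ")     # top-level key in print_r() output
# Assumption: name fragments that usually mark a credential worth rotating.
SENSITIVE = re.compile(r"PASS|SECRET|TOKEN|KEY|DSN|CREDENTIAL|AUTH", re.I)

# Constructed sample log; key names and values are illustrative only.
SAMPLE = """\
[2024-06-01 10:00:00] Lost session at confirmation page
$_COOKIE: Array
(
    [session_cookie] => constructed-value
)

$_SERVER: Array
(
    [DB_PASSWORD] => constructed-value
    [APP_KEY] => constructed-value
    [REQUEST_URI] => /shop/confirm
    [argv] => Array
        (
            [0] => index.php
        )

)
[2024-06-01 10:00:05] unrelated entry
"""

def exposed_keys(log_text):
    """Return one dict per leaked entry with key names only, never values."""
    entries, current, section = [], None, None
    for line in log_text.splitlines():
        if MARKER in line:
            current, section = {"COOKIE": [], "SERVER": []}, None
            entries.append(current)
        elif current is not None and SECTION.match(line):
            section = SECTION.match(line).group(1)
        elif section and TOP_KEY.match(line):
            current[section].append(TOP_KEY.match(line).group(1))
        elif line == ")" and section == "SERVER":
            current = section = None  # end of dump; skip unrelated lines
    return entries

def rotation_list(entry):
    """All cookies are session material; server keys are filtered by name."""
    return sorted(entry["COOKIE"]) + sorted(k for k in entry["SERVER"] if SENSITIVE.search(k))
```

Only key names are reported, so the triage output can be shared without copying the leaked values a second time.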
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| aimeos/ai-client-html (Packagist) | >= 2024.04.1, < 2024.04.7 | 2024.04.7 |
| aimeos/ai-client-html (Packagist) | >= 2023.04.1, < 2023.10.15 | 2023.10.15 |
| aimeos/ai-client-html (Packagist) | >= 2022.04.1, < 2022.10.13 | 2022.10.13 |
| aimeos/ai-client-html (Packagist) | >= 2021.10.1, < 2021.10.22 | 2021.10.22 |
Patches
535b80e1ff1dcf3bc8bd92838cf34990f92e840e1f8219e91bb389620ffc3 Don't log security relevant data to prevent revealing information
1 file changed · +1 −5
src/Client/Html/Checkout/Confirm/Standard.php+1 −5 modified@@ -115,11 +115,7 @@ public function data( \Aimeos\Base\View\Iface $view, array &$tags = [], string & $context = $this->context(); $config = $context->config(); - if( ( $id = $context->session()->get( 'aimeos/orderid' ) ) === null ) - { - $context->logger()->log( 'Lost session at confirmation page' . PHP_EOL - . '$_COOKIE: ' . print_r( $_COOKIE, true ) . PHP_EOL - . '$_SERVER: ' . print_r( $_SERVER, true ) ); + if( ( $id = $context->session()->get( 'aimeos/orderid' ) ) === null ) { throw new \Aimeos\Client\Html\Exception( $context->translate( 'client', 'No order ID available in session' ) ); }
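Review bot: in src/Client/Html/Checkout/Confirm/Standard.php, the branch for a missing 'aimeos/orderid' now throws without writing any log entry, so a lost session at the confirmation page is no longer visible to operators. Consider keeping a log call that carries only the fixed text 'Lost session at confirmation page' and none of the superglobals. The opening brace has also moved onto the `if` line, while the removed lines had it on its own line; keeping the original brace placement would limit the diff to the removed log call.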