Moderate severityNVD Advisory· Published Jul 2, 2024· Updated Aug 2, 2024
aimeos/ai-controller-frontend doesn't reset payment status in basket
CVE-2024-39325
Description
aimeos/ai-controller-frontend is the Aimeos frontend controller. Prior to versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, aimeos/ai-controller-frontend doesn't reset the payment status of a user's basket after the user completes a purchase. Versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
aimeos/ai-controller-frontendPackagist | >= 2023.04.1, < 2023.10.9 | 2023.10.9 |
aimeos/ai-controller-frontendPackagist | >= 2022.04.1, < 2022.10.8 | 2022.10.8 |
aimeos/ai-controller-frontendPackagist | >= 2021.04.1, < 2021.10.8 | 2021.10.8 |
aimeos/ai-controller-frontendPackagist | < 2020.10.15 | 2020.10.15 |
Affected products
2- Range: = 2024.04.1
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-m9gv-6p22-qgmjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-39325ghsaADVISORY
- github.com/aimeos/ai-controller-frontend/commit/16b8837d2466e3665b3c826ce87934b01a847268ghsax_refsource_MISCWEB
- github.com/aimeos/ai-controller-frontend/commit/24a57001e56759d1582d2a0080fc1ca3ba328630ghsax_refsource_MISCWEB
- github.com/aimeos/ai-controller-frontend/commit/28549808e0f6432a34cd3fb95556deeb86ca276dghsax_refsource_MISCWEB
- github.com/aimeos/ai-controller-frontend/commit/b1960c0b6e5ee93111a5360c9ce949b3e7528cf7ghsax_refsource_MISCWEB
- github.com/aimeos/ai-controller-frontend/commit/dafa072783bb692f111ed092d9d2932c113eb855ghsax_refsource_MISCWEB
- github.com/aimeos/ai-controller-frontend/security/advisories/GHSA-m9gv-6p22-qgmjghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.