High severity8.4GHSA Advisory· Published Apr 15, 2026· Updated Apr 27, 2026

CVE-2024-53412

Description

Command injection in the connect function in NietThijmen ShoppingCart 0.0.2 allows an attacker to execute arbitrary shell commands and achieve remote code execution via injection of malicious payloads into the Port field

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
github.com/NietThijmen/ShoppingCartGo	<= 0.0.0-20241101155353-3dd137080276	—

Affected products

Codethat/ShoppingcartGHSA
Range: <= 0.0.0-20241101155353-3dd137080276

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-ggmw-mjhv-75rmghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-53412ghsaADVISORY
github.com/Buckdray/vulnerability-research/blob/main/CVE-2024-53412/README.mdnvdWEB
github.com/NietThijmen/ShoppingCart/issues/1nvdWEB

News mentions

No linked articles in our index yet.

cvss	0.546
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000