VYPR

Packagist (Composer) package

aimeos/ai-admin-graphql

pkg:composer/aimeos/ai-admin-graphql

Vulnerabilities (3)

  • CVE-2024-47173MedOct 24, 2024
    affected >= 2024.04.1, < 2024.07.2fixed 2024.07.2

    Aimeos is an e-commerce framework. All SaaS and marketplace setups using the Aimeos GraphQL API admin interface version from 2024.04 up to 2024.07.1 are affected by a potential denial of service attack. Version 2024.07.2 fixes the issue.

  • CVE-2024-39324Jul 2, 2024
    affected >= 2022.04.1, < 2022.10.10fixed 2022.10.10

    aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.1 and prior to versions 2022.10.10, 2023.10.6, and 2024.4.2, improper access control allows a editors to manage own services via GraphQL API which isn't allowed in the JQAdm front end.

  • CVE-2024-39323HigJul 2, 2024
    affected >= 2022.04.1, < 2022.10.10fixed 2022.10.10

    aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.01 and prior to versions 2022.10.10, 2023.10.6, and 2024.04.6, an improper access control vulnerability allows an editor to modify and take over an admin account in the back end. Versio