CVE-2024-39325

moderate-risk
Published 2024-07-02

aimeos/ai-controller-frontend is the Aimeos frontend controller. Prior to versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, aimeos/ai-controller-frontend doesn't reset the payment status of a user's basket after the user completes a purchase. Versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue.

Do I need to act?

-
0.67% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10 Medium
NETWORK / LOW complexity

Affected Products (2)

Aimeos Frontend Controller
Aimeos Frontend Controller

Affected Vendors

Aimeos

References (12)

Patch https://github.com/aimeos/ai-controller-frontend/commit/16b8837d2466e3665b3c826c...
Patch https://github.com/aimeos/ai-controller-frontend/commit/24a57001e56759d1582d2a00...
Patch https://github.com/aimeos/ai-controller-frontend/commit/28549808e0f6432a34cd3fb9...
Patch https://github.com/aimeos/ai-controller-frontend/commit/b1960c0b6e5ee93111a5360c...
Patch https://github.com/aimeos/ai-controller-frontend/commit/dafa072783bb692f111ed092...
Vendor Advisory https://github.com/aimeos/ai-controller-frontend/security/advisories/GHSA-m9gv-6...
Patch https://github.com/aimeos/ai-controller-frontend/commit/16b8837d2466e3665b3c826c...
Patch https://github.com/aimeos/ai-controller-frontend/commit/24a57001e56759d1582d2a00...
Patch https://github.com/aimeos/ai-controller-frontend/commit/28549808e0f6432a34cd3fb9...
Patch https://github.com/aimeos/ai-controller-frontend/commit/b1960c0b6e5ee93111a5360c...
Patch https://github.com/aimeos/ai-controller-frontend/commit/dafa072783bb692f111ed092...
Vendor Advisory https://github.com/aimeos/ai-controller-frontend/security/advisories/GHSA-m9gv-6...
30
/ 100
moderate-risk
Severity 21/34 · High
Exploitability 2/34 · Minimal
Exposure 7/34 · Low