Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for ai-controller-frontend by aimeos

    CVE-2024-39319 (GCVE-0-2024-39319)

    Vulnerability from nvd – Published: 2024-09-26 16:07 – Updated: 2024-09-26 18:24
    VLAI
    Title
    aimeos/ai-controller-frontend has IDOR vulnerability in account profile page
    Summary
    aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another customer. Versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Impacted products
    Vendor Product Version
    aimeos ai-controller-frontend Affected: = 2024.04.1
    Affected: >= 2023.04.1, < 2023.10.9
    Affected: >= 2022.04.1, < 2022.10.8
    Affected: >= 2021.04.1, < 2021.10.8
    Affected: < 2020.10.15
    Create a notification for this product.
    aimeos_project ai-controller-frontend Affected: 2024.04.1
    Affected: 2023.04.1 , < 2023.10.9 (custom)
    Affected: 2022.04.1 , < 2022.10.8 (custom)
    Affected: 2021.04.1 , < 2021.10.8 (custom)
    Affected: 0 , < 2020.10.15 (custom)
        cpe:2.3:a:aimeos_project:ai-controller-frontend:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:aimeos_project:ai-controller-frontend:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ai-controller-frontend",
                "vendor": "aimeos_project",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2024.04.1"
                  },
                  {
                    "lessThan": "2023.10.9",
                    "status": "affected",
                    "version": "2023.04.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "2022.10.8",
                    "status": "affected",
                    "version": "2022.04.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "2021.10.8",
                    "status": "affected",
                    "version": "2021.04.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "2020.10.15",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39319",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T17:55:58.738464Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T18:24:00.120Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ai-controller-frontend",
              "vendor": "aimeos",
              "versions": [
                {
                  "status": "affected",
                  "version": "= 2024.04.1"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2023.04.1, \u003c 2023.10.9"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2022.04.1, \u003c 2022.10.8"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2021.04.1, \u003c 2021.10.8"
                },
                {
                  "status": "affected",
                  "version": "\u003c 2020.10.15"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another customer. Versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-26T16:07:01.482Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/aimeos/ai-controller-frontend/security/advisories/GHSA-rw3j-574h-mrcq",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/aimeos/ai-controller-frontend/security/advisories/GHSA-rw3j-574h-mrcq"
            },
            {
              "name": "https://github.com/aimeos/ai-controller-frontend/commit/2ad5c062a629af374da470a319914c321c9bfee2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aimeos/ai-controller-frontend/commit/2ad5c062a629af374da470a319914c321c9bfee2"
            },
            {
              "name": "https://github.com/aimeos/ai-controller-frontend/commit/53eebdc51fae34440dfd768a7811c169c7779aa9",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aimeos/ai-controller-frontend/commit/53eebdc51fae34440dfd768a7811c169c7779aa9"
            },
            {
              "name": "https://github.com/aimeos/ai-controller-frontend/commit/5833db6d18a889b94dc036dfb84b6f5cca73fbac",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aimeos/ai-controller-frontend/commit/5833db6d18a889b94dc036dfb84b6f5cca73fbac"
            },
            {
              "name": "https://github.com/aimeos/ai-controller-frontend/commit/6ea6b82f5a1fc18c574cb6f97225930d139b14a5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aimeos/ai-controller-frontend/commit/6ea6b82f5a1fc18c574cb6f97225930d139b14a5"
            },
            {
              "name": "https://github.com/aimeos/ai-controller-frontend/commit/700da5ea2b622724b68c8684346bf74ac3bbca9b",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aimeos/ai-controller-frontend/commit/700da5ea2b622724b68c8684346bf74ac3bbca9b"
            },
            {
              "name": "https://github.com/aimeos/ai-controller-frontend/commit/7c93139f86eff9ec26b117a8918e06ce6cc0000f",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aimeos/ai-controller-frontend/commit/7c93139f86eff9ec26b117a8918e06ce6cc0000f"
            },
            {
              "name": "https://github.com/aimeos/ai-controller-frontend/commit/ae7baa3f2fbf594c2c1e4b1aae83364a84b241a6",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aimeos/ai-controller-frontend/commit/ae7baa3f2fbf594c2c1e4b1aae83364a84b241a6"
            },
            {
              "name": "https://github.com/aimeos/ai-controller-frontend/commit/cd8c95aa4663f54bd66a69c5952f2e42405426f3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aimeos/ai-controller-frontend/commit/cd8c95aa4663f54bd66a69c5952f2e42405426f3"
            },
            {
              "name": "https://github.com/aimeos/ai-controller-frontend/commit/d4eac06f3a25330c089d8be4397f2ab1936dd9bb",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aimeos/ai-controller-frontend/commit/d4eac06f3a25330c089d8be4397f2ab1936dd9bb"
            },
            {
              "name": "https://github.com/aimeos/ai-controller-frontend/commit/f7c6a9ce2a6f5a9ad4af31313508870a78398f85",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aimeos/ai-controller-frontend/commit/f7c6a9ce2a6f5a9ad4af31313508870a78398f85"
            }
          ],
          "source": {
            "advisory": "GHSA-rw3j-574h-mrcq",
            "discovery": "UNKNOWN"
          },
          "title": "aimeos/ai-controller-frontend has IDOR vulnerability in account profile page"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-39319",
        "datePublished": "2024-09-26T16:07:01.482Z",
        "dateReserved": "2024-06-21T18:15:22.262Z",
        "dateUpdated": "2024-09-26T18:24:00.120Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-39325 (GCVE-0-2024-39325)

    Vulnerability from nvd – Published: 2024-07-02 20:36 – Updated: 2024-08-02 04:19
    VLAI
    Title
    aimeos/ai-controller-frontend doesn't reset payment status in basket
    Summary
    aimeos/ai-controller-frontend is the Aimeos frontend controller. Prior to versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, aimeos/ai-controller-frontend doesn't reset the payment status of a user's basket after the user completes a purchase. Versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-841 - Improper Enforcement of Behavioral Workflow
    Assigner
    Impacted products
    Vendor Product Version
    aimeos ai-controller-frontend Affected: = 2024.04.1
    Affected: >= 2023.04.1, < 2023.10.9
    Affected: >= 2022.04.1, < 2022.10.8
    Affected: >= 2021.04.1, < 2021.10.8
    Affected: < 2020.10.15
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39325",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-02T21:11:59.036836Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T21:12:10.982Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T04:19:20.638Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/aimeos/ai-controller-frontend/security/advisories/GHSA-m9gv-6p22-qgmj",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/aimeos/ai-controller-frontend/security/advisories/GHSA-m9gv-6p22-qgmj"
              },
              {
                "name": "https://github.com/aimeos/ai-controller-frontend/commit/16b8837d2466e3665b3c826ce87934b01a847268",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/aimeos/ai-controller-frontend/commit/16b8837d2466e3665b3c826ce87934b01a847268"
              },
              {
                "name": "https://github.com/aimeos/ai-controller-frontend/commit/24a57001e56759d1582d2a0080fc1ca3ba328630",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/aimeos/ai-controller-frontend/commit/24a57001e56759d1582d2a0080fc1ca3ba328630"
              },
              {
                "name": "https://github.com/aimeos/ai-controller-frontend/commit/28549808e0f6432a34cd3fb95556deeb86ca276d",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/aimeos/ai-controller-frontend/commit/28549808e0f6432a34cd3fb95556deeb86ca276d"
              },
              {
                "name": "https://github.com/aimeos/ai-controller-frontend/commit/b1960c0b6e5ee93111a5360c9ce949b3e7528cf7",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/aimeos/ai-controller-frontend/commit/b1960c0b6e5ee93111a5360c9ce949b3e7528cf7"
              },
              {
                "name": "https://github.com/aimeos/ai-controller-frontend/commit/dafa072783bb692f111ed092d9d2932c113eb855",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/aimeos/ai-controller-frontend/commit/dafa072783bb692f111ed092d9d2932c113eb855"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ai-controller-frontend",
              "vendor": "aimeos",
              "versions": [
                {
                  "status": "affected",
                  "version": "= 2024.04.1"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2023.04.1, \u003c 2023.10.9"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2022.04.1, \u003c 2022.10.8"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2021.04.1, \u003c 2021.10.8"
                },
                {
                  "status": "affected",
                  "version": "\u003c 2020.10.15"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "aimeos/ai-controller-frontend is the  Aimeos frontend controller. Prior to versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, aimeos/ai-controller-frontend doesn\u0027t reset the payment status of a user\u0027s basket after the user completes a purchase. Versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue.\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-841",
                  "description": "CWE-841: Improper Enforcement of Behavioral Workflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-02T20:36:58.336Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/aimeos/ai-controller-frontend/security/advisories/GHSA-m9gv-6p22-qgmj",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/aimeos/ai-controller-frontend/security/advisories/GHSA-m9gv-6p22-qgmj"
            },
            {
              "name": "https://github.com/aimeos/ai-controller-frontend/commit/16b8837d2466e3665b3c826ce87934b01a847268",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aimeos/ai-controller-frontend/commit/16b8837d2466e3665b3c826ce87934b01a847268"
            },
            {
              "name": "https://github.com/aimeos/ai-controller-frontend/commit/24a57001e56759d1582d2a0080fc1ca3ba328630",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aimeos/ai-controller-frontend/commit/24a57001e56759d1582d2a0080fc1ca3ba328630"
            },
            {
              "name": "https://github.com/aimeos/ai-controller-frontend/commit/28549808e0f6432a34cd3fb95556deeb86ca276d",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aimeos/ai-controller-frontend/commit/28549808e0f6432a34cd3fb95556deeb86ca276d"
            },
            {
              "name": "https://github.com/aimeos/ai-controller-frontend/commit/b1960c0b6e5ee93111a5360c9ce949b3e7528cf7",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aimeos/ai-controller-frontend/commit/b1960c0b6e5ee93111a5360c9ce949b3e7528cf7"
            },
            {
              "name": "https://github.com/aimeos/ai-controller-frontend/commit/dafa072783bb692f111ed092d9d2932c113eb855",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aimeos/ai-controller-frontend/commit/dafa072783bb692f111ed092d9d2932c113eb855"
            }
          ],
          "source": {
            "advisory": "GHSA-m9gv-6p22-qgmj",
            "discovery": "UNKNOWN"
          },
          "title": "aimeos/ai-controller-frontend doesn\u0027t reset payment status in basket"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-39325",
        "datePublished": "2024-07-02T20:36:58.336Z",
        "dateReserved": "2024-06-21T18:15:22.264Z",
        "dateUpdated": "2024-08-02T04:19:20.638Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-39319 (GCVE-0-2024-39319)

    Vulnerability from cvelistv5 – Published: 2024-09-26 16:07 – Updated: 2024-09-26 18:24
    VLAI
    Title
    aimeos/ai-controller-frontend has IDOR vulnerability in account profile page
    Summary
    aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another customer. Versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Impacted products
    Vendor Product Version
    aimeos ai-controller-frontend Affected: = 2024.04.1
    Affected: >= 2023.04.1, < 2023.10.9
    Affected: >= 2022.04.1, < 2022.10.8
    Affected: >= 2021.04.1, < 2021.10.8
    Affected: < 2020.10.15
    Create a notification for this product.
    aimeos_project ai-controller-frontend Affected: 2024.04.1
    Affected: 2023.04.1 , < 2023.10.9 (custom)
    Affected: 2022.04.1 , < 2022.10.8 (custom)
    Affected: 2021.04.1 , < 2021.10.8 (custom)
    Affected: 0 , < 2020.10.15 (custom)
        cpe:2.3:a:aimeos_project:ai-controller-frontend:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:aimeos_project:ai-controller-frontend:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ai-controller-frontend",
                "vendor": "aimeos_project",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2024.04.1"
                  },
                  {
                    "lessThan": "2023.10.9",
                    "status": "affected",
                    "version": "2023.04.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "2022.10.8",
                    "status": "affected",
                    "version": "2022.04.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "2021.10.8",
                    "status": "affected",
                    "version": "2021.04.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "2020.10.15",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39319",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T17:55:58.738464Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T18:24:00.120Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ai-controller-frontend",
              "vendor": "aimeos",
              "versions": [
                {
                  "status": "affected",
                  "version": "= 2024.04.1"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2023.04.1, \u003c 2023.10.9"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2022.04.1, \u003c 2022.10.8"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2021.04.1, \u003c 2021.10.8"
                },
                {
                  "status": "affected",
                  "version": "\u003c 2020.10.15"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another customer. Versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-26T16:07:01.482Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/aimeos/ai-controller-frontend/security/advisories/GHSA-rw3j-574h-mrcq",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/aimeos/ai-controller-frontend/security/advisories/GHSA-rw3j-574h-mrcq"
            },
            {
              "name": "https://github.com/aimeos/ai-controller-frontend/commit/2ad5c062a629af374da470a319914c321c9bfee2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aimeos/ai-controller-frontend/commit/2ad5c062a629af374da470a319914c321c9bfee2"
            },
            {
              "name": "https://github.com/aimeos/ai-controller-frontend/commit/53eebdc51fae34440dfd768a7811c169c7779aa9",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aimeos/ai-controller-frontend/commit/53eebdc51fae34440dfd768a7811c169c7779aa9"
            },
            {
              "name": "https://github.com/aimeos/ai-controller-frontend/commit/5833db6d18a889b94dc036dfb84b6f5cca73fbac",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aimeos/ai-controller-frontend/commit/5833db6d18a889b94dc036dfb84b6f5cca73fbac"
            },
            {
              "name": "https://github.com/aimeos/ai-controller-frontend/commit/6ea6b82f5a1fc18c574cb6f97225930d139b14a5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aimeos/ai-controller-frontend/commit/6ea6b82f5a1fc18c574cb6f97225930d139b14a5"
            },
            {
              "name": "https://github.com/aimeos/ai-controller-frontend/commit/700da5ea2b622724b68c8684346bf74ac3bbca9b",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aimeos/ai-controller-frontend/commit/700da5ea2b622724b68c8684346bf74ac3bbca9b"
            },
            {
              "name": "https://github.com/aimeos/ai-controller-frontend/commit/7c93139f86eff9ec26b117a8918e06ce6cc0000f",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aimeos/ai-controller-frontend/commit/7c93139f86eff9ec26b117a8918e06ce6cc0000f"
            },
            {
              "name": "https://github.com/aimeos/ai-controller-frontend/commit/ae7baa3f2fbf594c2c1e4b1aae83364a84b241a6",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aimeos/ai-controller-frontend/commit/ae7baa3f2fbf594c2c1e4b1aae83364a84b241a6"
            },
            {
              "name": "https://github.com/aimeos/ai-controller-frontend/commit/cd8c95aa4663f54bd66a69c5952f2e42405426f3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aimeos/ai-controller-frontend/commit/cd8c95aa4663f54bd66a69c5952f2e42405426f3"
            },
            {
              "name": "https://github.com/aimeos/ai-controller-frontend/commit/d4eac06f3a25330c089d8be4397f2ab1936dd9bb",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aimeos/ai-controller-frontend/commit/d4eac06f3a25330c089d8be4397f2ab1936dd9bb"
            },
            {
              "name": "https://github.com/aimeos/ai-controller-frontend/commit/f7c6a9ce2a6f5a9ad4af31313508870a78398f85",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aimeos/ai-controller-frontend/commit/f7c6a9ce2a6f5a9ad4af31313508870a78398f85"
            }
          ],
          "source": {
            "advisory": "GHSA-rw3j-574h-mrcq",
            "discovery": "UNKNOWN"
          },
          "title": "aimeos/ai-controller-frontend has IDOR vulnerability in account profile page"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-39319",
        "datePublished": "2024-09-26T16:07:01.482Z",
        "dateReserved": "2024-06-21T18:15:22.262Z",
        "dateUpdated": "2024-09-26T18:24:00.120Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-39325 (GCVE-0-2024-39325)

    Vulnerability from cvelistv5 – Published: 2024-07-02 20:36 – Updated: 2024-08-02 04:19
    VLAI
    Title
    aimeos/ai-controller-frontend doesn't reset payment status in basket
    Summary
    aimeos/ai-controller-frontend is the Aimeos frontend controller. Prior to versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, aimeos/ai-controller-frontend doesn't reset the payment status of a user's basket after the user completes a purchase. Versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-841 - Improper Enforcement of Behavioral Workflow
    Assigner
    Impacted products
    Vendor Product Version
    aimeos ai-controller-frontend Affected: = 2024.04.1
    Affected: >= 2023.04.1, < 2023.10.9
    Affected: >= 2022.04.1, < 2022.10.8
    Affected: >= 2021.04.1, < 2021.10.8
    Affected: < 2020.10.15
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39325",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-02T21:11:59.036836Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T21:12:10.982Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T04:19:20.638Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/aimeos/ai-controller-frontend/security/advisories/GHSA-m9gv-6p22-qgmj",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/aimeos/ai-controller-frontend/security/advisories/GHSA-m9gv-6p22-qgmj"
              },
              {
                "name": "https://github.com/aimeos/ai-controller-frontend/commit/16b8837d2466e3665b3c826ce87934b01a847268",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/aimeos/ai-controller-frontend/commit/16b8837d2466e3665b3c826ce87934b01a847268"
              },
              {
                "name": "https://github.com/aimeos/ai-controller-frontend/commit/24a57001e56759d1582d2a0080fc1ca3ba328630",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/aimeos/ai-controller-frontend/commit/24a57001e56759d1582d2a0080fc1ca3ba328630"
              },
              {
                "name": "https://github.com/aimeos/ai-controller-frontend/commit/28549808e0f6432a34cd3fb95556deeb86ca276d",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/aimeos/ai-controller-frontend/commit/28549808e0f6432a34cd3fb95556deeb86ca276d"
              },
              {
                "name": "https://github.com/aimeos/ai-controller-frontend/commit/b1960c0b6e5ee93111a5360c9ce949b3e7528cf7",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/aimeos/ai-controller-frontend/commit/b1960c0b6e5ee93111a5360c9ce949b3e7528cf7"
              },
              {
                "name": "https://github.com/aimeos/ai-controller-frontend/commit/dafa072783bb692f111ed092d9d2932c113eb855",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/aimeos/ai-controller-frontend/commit/dafa072783bb692f111ed092d9d2932c113eb855"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ai-controller-frontend",
              "vendor": "aimeos",
              "versions": [
                {
                  "status": "affected",
                  "version": "= 2024.04.1"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2023.04.1, \u003c 2023.10.9"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2022.04.1, \u003c 2022.10.8"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2021.04.1, \u003c 2021.10.8"
                },
                {
                  "status": "affected",
                  "version": "\u003c 2020.10.15"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "aimeos/ai-controller-frontend is the  Aimeos frontend controller. Prior to versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, aimeos/ai-controller-frontend doesn\u0027t reset the payment status of a user\u0027s basket after the user completes a purchase. Versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue.\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-841",
                  "description": "CWE-841: Improper Enforcement of Behavioral Workflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-02T20:36:58.336Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/aimeos/ai-controller-frontend/security/advisories/GHSA-m9gv-6p22-qgmj",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/aimeos/ai-controller-frontend/security/advisories/GHSA-m9gv-6p22-qgmj"
            },
            {
              "name": "https://github.com/aimeos/ai-controller-frontend/commit/16b8837d2466e3665b3c826ce87934b01a847268",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aimeos/ai-controller-frontend/commit/16b8837d2466e3665b3c826ce87934b01a847268"
            },
            {
              "name": "https://github.com/aimeos/ai-controller-frontend/commit/24a57001e56759d1582d2a0080fc1ca3ba328630",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aimeos/ai-controller-frontend/commit/24a57001e56759d1582d2a0080fc1ca3ba328630"
            },
            {
              "name": "https://github.com/aimeos/ai-controller-frontend/commit/28549808e0f6432a34cd3fb95556deeb86ca276d",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aimeos/ai-controller-frontend/commit/28549808e0f6432a34cd3fb95556deeb86ca276d"
            },
            {
              "name": "https://github.com/aimeos/ai-controller-frontend/commit/b1960c0b6e5ee93111a5360c9ce949b3e7528cf7",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aimeos/ai-controller-frontend/commit/b1960c0b6e5ee93111a5360c9ce949b3e7528cf7"
            },
            {
              "name": "https://github.com/aimeos/ai-controller-frontend/commit/dafa072783bb692f111ed092d9d2932c113eb855",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aimeos/ai-controller-frontend/commit/dafa072783bb692f111ed092d9d2932c113eb855"
            }
          ],
          "source": {
            "advisory": "GHSA-m9gv-6p22-qgmj",
            "discovery": "UNKNOWN"
          },
          "title": "aimeos/ai-controller-frontend doesn\u0027t reset payment status in basket"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-39325",
        "datePublished": "2024-07-02T20:36:58.336Z",
        "dateReserved": "2024-06-21T18:15:22.264Z",
        "dateUpdated": "2024-08-02T04:19:20.638Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }