Aimeos AI Controller Frontend Fixes Payment Status Reset Issue
CVE-2024-39325

5.3MEDIUM

Key Information:

Vendor: aimeos
Status: Aimeos Frontend Controller
Vendor: CVE Published:; 2 July 2024

What is CVE-2024-39325?

aimeos/ai-controller-frontend is the Aimeos frontend controller. Prior to versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, aimeos/ai-controller-frontend doesn't reset the payment status of a user's basket after the user completes a purchase. Versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue.

References

https://github.com/aimeos/ai-controller-frontend/security...

https://github.com/aimeos/ai-controller-frontend/commit/1...

https://github.com/aimeos/ai-controller-frontend/commit/2...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 2, 2024