CVE-2024-37294

Summary

Aimeos is an Open Source e-commerce framework for online shops. All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack. Users should upgrade to versions 2022.10.17, 2023.10.17, or 2024.04 of the aimeos/aimeos-core package to receive a patch.

Affected Software

VendorProductVersion RangeStatus
aimeosaimeos-core>= 2024.04.1, < 2024.04.7affected
aimeosaimeos-core>= 2023.04.1, < 2023.10.17affected
aimeosaimeos-core>= 2022.04.1, < 2022.10.17affected

Weaknesses

  • CWE-270: CWE-270: Privilege Context Switching Error

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References