CVE-2024-38516

Summary

ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from environment variables in error log. This issue has been patched in versions 2024.04.7, 2023.10.15, 2022.10.13 and 2021.10.22.

Affected Software

VendorProductVersion RangeStatus
aimeosai-client-html>= 2024.04.1, < 2024.04.7affected
aimeosai-client-html>= 2023.04.1, < 2023.10.15affected
aimeosai-client-html>= 2022.04.1, < 2022.10.13affected
aimeosai-client-html>= 2021.10.1, < 2021.10.22affected

Weaknesses

  • CWE-1295: CWE-1295: Debug Messages Revealing Unnecessary Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References