CVE-2024-39325

Summary

aimeos/ai-controller-frontend is the Aimeos frontend controller. Prior to versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, aimeos/ai-controller-frontend doesn't reset the payment status of a user's basket after the user completes a purchase. Versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue.

Affected Software

VendorProductVersion RangeStatus
aimeosai-controller-frontend= 2024.04.1affected
aimeosai-controller-frontend>= 2023.04.1, < 2023.10.9affected
aimeosai-controller-frontend>= 2022.04.1, < 2022.10.8affected
aimeosai-controller-frontend>= 2021.04.1, < 2021.10.8affected
aimeosai-controller-frontend< 2020.10.15affected

Weaknesses

  • CWE-841: CWE-841: Improper Enforcement of Behavioral Workflow

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References