CVE-2024-37296

The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Starting in version 2020.04.1 and prior to versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5, digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn't succeed. Versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5 fix this issue.

Configurations

No configuration.

History

21 Nov 2024, 09:23

Type Values Removed Values Added
References () https://github.com/aimeos/ai-client-html/commit/12d8aad1a373bf9d350872501adec3e222164f83 - () https://github.com/aimeos/ai-client-html/commit/12d8aad1a373bf9d350872501adec3e222164f83 -
References () https://github.com/aimeos/ai-client-html/commit/5a7249769142b3ce70959ab1fb70c7e7c251e214 - () https://github.com/aimeos/ai-client-html/commit/5a7249769142b3ce70959ab1fb70c7e7c251e214 -
References () https://github.com/aimeos/ai-client-html/commit/6460ffe8f4929d864164aa96c5b49eca5326d975 - () https://github.com/aimeos/ai-client-html/commit/6460ffe8f4929d864164aa96c5b49eca5326d975 -
References () https://github.com/aimeos/ai-client-html/commit/7f01d2f4fbc67f5231fd84adeb835d28252b8409 - () https://github.com/aimeos/ai-client-html/commit/7f01d2f4fbc67f5231fd84adeb835d28252b8409 -
References () https://github.com/aimeos/ai-client-html/commit/fc611ff9a57e421d0ad9d99346b561cea515c5f0 - () https://github.com/aimeos/ai-client-html/commit/fc611ff9a57e421d0ad9d99346b561cea515c5f0 -
References () https://github.com/aimeos/ai-client-html/security/advisories/GHSA-v4g2-cm5v-cxv7 - () https://github.com/aimeos/ai-client-html/security/advisories/GHSA-v4g2-cm5v-cxv7 -

13 Jun 2024, 18:36

Type Values Removed Values Added
Summary
  • (es) The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Starting in version 2020.04.1 and prior to versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5, digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn't succeed. Versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5 fix this issue.

11 Jun 2024, 15:16

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-11 15:16

Updated : 2024-11-21 09:23


NVD link : CVE-2024-37296

Mitre link : CVE-2024-37296

CVE.ORG link : CVE-2024-37296



Products Affected

No product.

CWE
CWE-841

Improper Enforcement of Behavioral Workflow

CWE-862

Missing Authorization