CVE-2024-38516

{"id": "CVE-2024-38516", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-06-25T21:15:59.957", "references": [{"url": "https://github.com/aimeos/ai-client-html/commit/bb389620ffc3cf4a2f29c11a1e5f512049e0c132", "source": "security-advisories@github.com"}, {"url": "https://github.com/aimeos/ai-client-html/security/advisories/GHSA-ppm5-jv84-2xg2", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-1295"}]}], "descriptions": [{"lang": "en", "value": "ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from environment variables in error log. This issue has been patched in versions 2024.04.7, 2023.10.15, 2022.10.13 and 2021.10.22."}, {"lang": "es", "value": "ai-client-html es un componente del cliente HTML de comercio electr\u00f3nico de Aimeos. La informaci\u00f3n de depuraci\u00f3n revel\u00f3 informaci\u00f3n confidencial de las variables de entorno en el registro de errores. Este problema se solucion\u00f3 en las versiones 2024.04.7, 2023.10.15, 2022.10.13 y 2021.10.22."}], "lastModified": "2024-06-26T12:44:29.693", "sourceIdentifier": "security-advisories@github.com"}