CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
AI Score
Confidence
High
EPSS
Percentile
9.0%
All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack
Upgrade to the latest 2022.10 LTS, 2023.10 LTS and 2024.04.7 version of the aimeos/aimeos-core package
Vendor | Product | Version | CPE |
---|---|---|---|
aimeos | aimeos-core | * | cpe:2.3:a:aimeos:aimeos-core:*:*:*:*:*:*:*:* |
github.com/advisories/GHSA-xjm6-jfmg-qc6p
github.com/aimeos/aimeos-core/commit/66edb06a53e51d90e075aad1932811c53c40af6f
github.com/aimeos/aimeos-core/commit/69e2ea127c4e2fd2e756a80a16442bea0351a461
github.com/aimeos/aimeos-core/commit/e933345915fc0cfafc6a011b853bc0228a61a45f
github.com/aimeos/aimeos-core/compare/2022.10.16...2022.10.17
github.com/aimeos/aimeos-core/compare/2023.10.16...2023.10.17
github.com/aimeos/aimeos-core/compare/2024.04.6...2024.04.7
github.com/aimeos/aimeos-core/security/advisories/GHSA-xjm6-jfmg-qc6p
nvd.nist.gov/vuln/detail/CVE-2024-37294