CVE-2024-37296 Aimeos HTML client vulnerable to digital products download without proper payment status check

🗓️ 11 Jun 2024 14:43:39Reported by GoogleType

osv🔗 osv.dev👁 30 Views

The Aimeos HTML client allows unauthorized digital downloads in versions prior to 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.

Reporter	Title	Published	Views	Family All 10
CNNVD	Aimeos Security Breach	11 Jun 202400:00	–	cnnvd
CVE	CVE-2024-37296	11 Jun 202414:43	–	cve
Cvelist	CVE-2024-37296 Aimeos HTML client vulnerable to digital products download without proper payment status check	11 Jun 202414:43	–	cvelist
EUVD	EUVD-2024-2168	3 Oct 202520:07	–	euvd
Github Security Blog	Digital products download without proper payment status check	5 Jun 202413:30	–	github
GitLab Advisory Database	Digital products download without proper payment status check	5 Jun 202400:00	–	gitlab
NVD	CVE-2024-37296	11 Jun 202415:16	–	nvd
OSV	GHSA-V4G2-CM5V-CXV7 Digital products download without proper payment status check	5 Jun 202413:30	–	osv
RedhatCVE	CVE-2024-37296	23 May 202507:43	–	redhatcve
Vulnrichment	CVE-2024-37296 Aimeos HTML client vulnerable to digital products download without proper payment status check	11 Jun 202414:43	–	vulnrichment

Source	Link
github	www.github.com/CVEProject/cvelistV5/tree/main/cves/2024/37xxx/CVE-2024-37296.json
github	www.github.com/aimeos/ai-client-html/security/advisories/GHSA-v4g2-cm5v-cxv7
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-37296
github	www.github.com/aimeos/ai-client-html/commit/12d8aad1a373bf9d350872501adec3e222164f83
github	www.github.com/aimeos/ai-client-html/commit/5a7249769142b3ce70959ab1fb70c7e7c251e214
github	www.github.com/aimeos/ai-client-html/commit/6460ffe8f4929d864164aa96c5b49eca5326d975
github	www.github.com/aimeos/ai-client-html/commit/7f01d2f4fbc67f5231fd84adeb835d28252b8409
github	www.github.com/aimeos/ai-client-html/commit/fc611ff9a57e421d0ad9d99346b561cea515c5f0

10 Apr 2026 05:14Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.15.3

EPSS0.00278