GoogleOSV:GHSA-XJM6-JFMG-QC6PAimeos denial of service vulnerability in SaaS and marketplace setups
5.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Impact
All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack
Patches
Upgrade to the latest 2022.10 LTS, 2023.10 LTS and 2024.04.7 version of the aimeos/aimeos-core package
References
github.com/aimeos/aimeos-core
github.com/aimeos/aimeos-core/commit/66edb06a53e51d90e075aad1932811c53c40af6f
github.com/aimeos/aimeos-core/commit/69e2ea127c4e2fd2e756a80a16442bea0351a461
github.com/aimeos/aimeos-core/commit/e933345915fc0cfafc6a011b853bc0228a61a45f
github.com/aimeos/aimeos-core/compare/2022.10.16...2022.10.17
github.com/aimeos/aimeos-core/compare/2023.10.16...2023.10.17
github.com/aimeos/aimeos-core/compare/2024.04.6...2024.04.7
github.com/aimeos/aimeos-core/security/advisories/GHSA-xjm6-jfmg-qc6p
nvd.nist.gov/vuln/detail/CVE-2024-37294
Related
5.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%