2 matches found
CVE-2024-58248
nopCommerce through 4.90.1 does not offer locking for order placement. Thus there is a race condition with duplicate redeeming of gift cards...
CVE-2024-58248
CVE-2024-58248 affects nopCommerce prior to 4.80.0 (public notes reference up to 4.90.1) where order placement lacks locking, enabling a race condition that can allow duplicate gift card redemption. Public advisories (NVD/Red Hat/OSV/Snyk) confirm the issue and cite a remediation to upgrade to ve...