Description
Digital products download without proper payment status check
Impact
Digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn't succeed.
Patches
New versions of the Aimeos HTML client 2020-2024 are available.
References
- https://github.com/aimeos/ai-client-html/security/advisories/GHSA-v4g2-cm5v-cxv7
- https://nvd.nist.gov/vuln/detail/CVE-2024-37296
- https://github.com/aimeos/ai-client-html/commit/12d8aad1a373bf9d350872501adec3e222164f83
- https://github.com/aimeos/ai-client-html/commit/5a7249769142b3ce70959ab1fb70c7e7c251e214
- https://github.com/aimeos/ai-client-html/commit/6460ffe8f4929d864164aa96c5b49eca5326d975
- https://github.com/aimeos/ai-client-html/commit/7f01d2f4fbc67f5231fd84adeb835d28252b8409
- https://github.com/aimeos/ai-client-html/commit/fc611ff9a57e421d0ad9d99346b561cea515c5f0
Packages
- aimeos/ai-client-html: affected >= 2024.04.1, < 2024.04.4; fixed in 2024.04.5
- aimeos/ai-client-html: affected >= 2023.04.1, < 2023.10.14; fixed in 2023.10.14
- aimeos/ai-client-html: affected >= 2022.04.1, < 2022.10.12; fixed in 2022.10.12
- aimeos/ai-client-html: affected >= 2021.04.1, < 2021.10.21; fixed in 2021.10.21
- aimeos/ai-client-html: affected >= 2020.04.1, < 2020.10.27; fixed in 2020.10.27
Related vulnerabilities
The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Starting in version 2020.04.1 and prior to versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5, digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn't succeed. Versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5 fix this issue.