Описание
Aimeos denial of service vulnerability in SaaS and marketplace setups
Impact
All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack
Patches
Upgrade to the latest 2022.10 LTS, 2023.10 LTS and 2024.04.7 version of the aimeos/aimeos-core package
Ссылки
- https://github.com/aimeos/aimeos-core/security/advisories/GHSA-xjm6-jfmg-qc6p
- https://nvd.nist.gov/vuln/detail/CVE-2024-37294
- https://github.com/aimeos/aimeos-core/commit/66edb06a53e51d90e075aad1932811c53c40af6f
- https://github.com/aimeos/aimeos-core/commit/69e2ea127c4e2fd2e756a80a16442bea0351a461
- https://github.com/aimeos/aimeos-core/commit/e933345915fc0cfafc6a011b853bc0228a61a45f
- https://github.com/aimeos/aimeos-core/compare/2022.10.16...2022.10.17
- https://github.com/aimeos/aimeos-core/compare/2023.10.16...2023.10.17
- https://github.com/aimeos/aimeos-core/compare/2024.04.6...2024.04.7
Пакеты
aimeos/aimeos-core
>= 2024.04.1, < 2024.04.7
2024.04.7
aimeos/aimeos-core
>= 2023.04.1, < 2023.10.17
2023.10.17
aimeos/aimeos-core
>= 2022.04.1, < 2022.10.17
2022.10.17
Связанные уязвимости
Aimeos is an Open Source e-commerce framework for online shops. All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack. Users should upgrade to versions 2022.10.17, 2023.10.17, or 2024.04 of the aimeos/aimeos-core package to receive a patch.