Описание
nopCommerce through 4.90.1 does not offer locking for order placement. Thus there is a race condition with duplicate redeeming of gift cards.
Ссылки
- ExploitThird Party Advisory
- Issue TrackingVendor AdvisoryPatch
- Release Notes
Уязвимые конфигурации
Конфигурация 1Версия до 4.80.0 (исключая)
cpe:2.3:a:nopcommerce:nopcommerce:*:*:*:*:*:*:*:*
EPSS
Процентиль: 15%
0.00049
Низкий
3.5 Low
CVSS3
Дефекты
CWE-362
Связанные уязвимости
CVSS3: 3.5
github
10 месяцев назад
nopCommerce before 4.80.0 does not offer locking for order placement. Thus there is a race condition with duplicate redeeming of gift cards.
EPSS
Процентиль: 15%
0.00049
Низкий
3.5 Low
CVSS3
Дефекты
CWE-362