Vulnerability DatabaseCVE-2024-37294
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2024-37294
June 11, 2024
Aimeos is an Open Source e-commerce framework for online shops. All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack. Users should upgrade to versions 2022.10.17, 2023.10.17, or 2024.04 of the aimeos/aimeos-core package to receive a patch.
Related Resources (9)
https://github.com/aimeos/aimeos-core/commit/66edb06a53e51d90e075aad1932811c53c40af6f
https://github.com/aimeos/aimeos-core/compare/2023.10.16...2023.10.17
https://github.com/aimeos/aimeos-core/commit/e933345915fc0cfafc6a011b853bc0228a61a45f
https://github.com/aimeos/aimeos-core/security/advisories/GHSA-xjm6-jfmg-qc6p
https://github.com/aimeos/aimeos-core/compare/2022.10.16...2022.10.17
https://github.com/aimeos/aimeos-core/compare/2024.04.6...2024.04.7
https://nvd.nist.gov/vuln/detail/CVE-2024-37294
https://github.com/aimeos/aimeos-core/commit/69e2ea127c4e2fd2e756a80a16442bea0351a461
https://github.com/aimeos/aimeos-core
Do you need more information?
Contact Us
CVSS v4
Base Score:
7
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
HIGH
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
LOW
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
HIGH
Weakness Type (CWE)
Privilege Context Switching Error
CWE-270
EPSS
Base Score:
0.08