Home > Vulnerability Database > CVE-2024-45300

Mend.io Vulnerability Database

CVE-2024-45300

Date: September 6, 2024

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, a race condition allows the user to bypass the limit on the number of promo codes and use the discount coupon multiple times. In "alf.io", an event organizer can apply price discounts by using promo codes to your events. The organizer can limit the number of promo codes that will be used for this, but the time-gap between checking the number of codes and restricting the use of the codes allows a threat actor to bypass the promo code limit. Version 2.0-M5 fixes this issue.

Language: Java

Severity Score

7.5

Related Resources (4)

Url: https://github.com/alfio-event/alf.io/security/advisories/GHSA-67jg-m6f3-473g

Url: https://github.com/alfio-event/alf.io/commit/53b3309e26e8acec6860d1e045df3046153a3245

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-45300

Url: https://www.mend.io/vulnerability-database/CVE-2024-45300

Severity Score

7.5

Weakness Type (CWE)

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-362

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-45300

Date: September 6, 2024

Language: Java

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?