Vulnerability Details CVE-2024-39319
aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another customer. Versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.3%
CVSS Severity
CVSS v3 Score 5.3
References
- https://github.com/aimeos/ai-controller-frontend/commit/2ad5c062a629af374da470a319914c321c9bfee2
- https://github.com/aimeos/ai-controller-frontend/commit/53eebdc51fae34440dfd768a7811c169c7779aa9
- https://github.com/aimeos/ai-controller-frontend/commit/5833db6d18a889b94dc036dfb84b6f5cca73fbac
- https://github.com/aimeos/ai-controller-frontend/commit/6ea6b82f5a1fc18c574cb6f97225930d139b14a5
- https://github.com/aimeos/ai-controller-frontend/commit/700da5ea2b622724b68c8684346bf74ac3bbca9b
- https://github.com/aimeos/ai-controller-frontend/commit/7c93139f86eff9ec26b117a8918e06ce6cc0000f
- https://github.com/aimeos/ai-controller-frontend/commit/ae7baa3f2fbf594c2c1e4b1aae83364a84b241a6
- https://github.com/aimeos/ai-controller-frontend/commit/cd8c95aa4663f54bd66a69c5952f2e42405426f3
- https://github.com/aimeos/ai-controller-frontend/commit/d4eac06f3a25330c089d8be4397f2ab1936dd9bb
- https://github.com/aimeos/ai-controller-frontend/commit/f7c6a9ce2a6f5a9ad4af31313508870a78398f85
- https://github.com/aimeos/ai-controller-frontend/security/advisories/GHSA-rw3j-574h-mrcq
Products affected by CVE-2024-39319
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2016.07.1
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2016.07.2
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2016.07.3
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2016.10.1
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2016.10.2
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2016.10.3
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2016.10.4
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2016.10.5
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2016.10.6
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2017.01.1
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2017.01.2
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2017.04.1
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2017.04.2
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2017.04.3
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2017.04.4
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2017.04.5
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2017.04.6
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2017.04.7
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2017.07.1
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2017.07.2
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2017.07.3
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2017.10.1
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2017.10.2
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2017.10.3
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2017.10.4
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2017.10.5
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2018.01.1
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2018.01.2
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2018.04.1
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2018.04.2
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2018.04.3
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2018.07.1
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2018.07.2
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2018.07.3
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2018.07.4
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2018.07.5
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2018.07.6
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2018.10.1
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2018.10.2
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2018.10.3
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2018.10.4
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2018.10.5
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2018.10.6
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2018.10.7
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2018.10.8
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2018.10.9
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2019.01.1
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2019.01.2
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2019.04.1
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2019.04.2
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2019.04.3
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2019.04.4
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2019.04.5
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2019.07.1
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2019.07.2
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2019.07.3
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2019.07.4
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2019.07.5
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2019.10.1
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2019.10.10
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2019.10.11
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2019.10.12
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2019.10.13
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2019.10.14
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2019.10.15
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2019.10.16
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2019.10.2
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2019.10.3
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2019.10.4
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2019.10.5
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2019.10.6
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2019.10.7
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2019.10.8
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2019.10.9
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2020.01.1
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2020.01.2
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2020.04.1
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2020.07.1
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2020.07.2
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2020.10.1
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2020.10.10
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2020.10.11
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2020.10.12
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2020.10.13
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2020.10.14
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2020.10.2
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2020.10.3
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2020.10.4
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2020.10.5
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2020.10.6
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2020.10.7
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2020.10.8
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2020.10.9
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2021.04.1
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2021.04.2
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2021.04.3
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2021.04.4
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2021.04.5
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2021.07.1
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2021.07.2
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2021.10.1
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2021.10.2
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2021.10.3
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2021.10.4
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2021.10.5
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2021.10.6
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2021.10.7
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2022.04.1
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2022.04.2
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2022.04.3
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2022.04.4
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2022.04.5
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2022.07.1
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2022.07.2
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2022.07.3
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2022.10.1
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2022.10.2
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2022.10.3
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2022.10.4
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2022.10.5
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2022.10.6
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2022.10.7
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2023.04.1
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2023.04.2
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2023.07.1
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2023.10.1
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2023.10.2
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2023.10.3
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2023.10.4
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2023.10.5
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2023.10.6
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2023.10.7
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2023.10.8
-
cpe:2.3:a:aimeos:aimeos_frontend_controller:2024.04.1